Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538296
MD5:	878b753b8c22d7782cb0e5c6be782615
SHA1:	a821b0cc3e11b8f68243244e5d2974b09663e02d
SHA256:	4cea700652bb60495c8fa817eb305c945b6ace97c21a0d59091251ff45b92a3e
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 878B753B8C22D7782CB0E5C6BE782615)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "clearancek.site", "studennotediw.store", "spirittunek.store", "bathdoomgaz.store", "eaglepawnoy.store", "mobbipenju.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:27.130110+0200	2054653	1	A Network Trojan was detected	192.168.2.9	49752	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:27.130110+0200	2049836	1	A Network Trojan was detected	192.168.2.9	49752	172.67.206.204	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.248240+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.9	59138	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.183859+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.9	51689	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.225121+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.9	64704	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.212697+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.9	63316	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.273460+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.9	63628	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.199613+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.9	54412	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.260437+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.9	65095	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:24.237050+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.9	65164	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T23:42:26.150086+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.9	49742	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900/badges

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.7280.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "clearancek.site", "studennotediw.store", "spirittunek.store", "bathdoomgaz.store", "eaglepawnoy.store", "mobbipenju.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49752 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00AF695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00ABFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00AEF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00ACB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00AF1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00ACD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00AB8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00AF7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00AEB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00AF67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00AF7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00AB49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00AF3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00ACD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00AB5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00AE0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00AEFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00AD7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00ADEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00AB6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00AC0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AD5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00ACFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AD9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AEFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.9:64704 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.9:59138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.9:54412 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.9:65095 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.9:63316 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.9:51689 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.9:63628 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.9:65164 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.9:49742 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49752 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49752 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: licendfilteo.site

Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View	IP Address: 172.67.206.204 172.67.206.204

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1432126089.000000000152A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store/api
Source: file.exe, 00000000.00000003.1424712895.0000000001584000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1432453116.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1424712895.0000000001584000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001584000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apibR
Source: file.exe, 00000000.00000003.1424569065.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apip
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432126089.0000000001546000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432126089.0000000001546000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49752 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0228	0_2_00AC0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA0D0	0_2_00AFA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2030	0_2_00AC2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1000	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4040	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE1A0	0_2_00ABE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB71F0	0_2_00AB71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB5160	0_2_00AB5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1	0_2_00C762F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C802F3	0_2_00C802F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB12F7	0_2_00AB12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C712A7	0_2_00C712A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE82D0	0_2_00AE82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE12D0	0_2_00AE12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB13A3	0_2_00AB13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB3A0	0_2_00ABB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B443A0	0_2_00B443A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE23E0	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA300	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7B327	0_2_00C7B327
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4487	0_2_00AC4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC049B	0_2_00AC049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE64F0	0_2_00AE64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC470	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB35B0	0_2_00AB35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8590	0_2_00AB8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACC5F0	0_2_00ACC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0F6EE	0_2_00C0F6EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF86F0	0_2_00AF86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF620	0_2_00AEF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB164F	0_2_00AB164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8652	0_2_00AF8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F7CA	0_2_00C6F7CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE8A0	0_2_00AEE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB8C0	0_2_00AEB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1860	0_2_00AE1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74826	0_2_00C74826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA850	0_2_00ABA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F9CC	0_2_00C6F9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF89A0	0_2_00AF89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD098B	0_2_00AD098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7A93B	0_2_00C7A93B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7AB0	0_2_00AF7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8A80	0_2_00AF8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5FA03	0_2_00C5FA03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4A40	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7BF0	0_2_00AB7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACDB6F	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6CBF	0_2_00AF6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8CA6	0_2_00BD8CA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADCCD0	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4DC64	0_2_00C4DC64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8C02	0_2_00AF8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C13C2D	0_2_00C13C2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADDD29	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADFD10	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8D62	0_2_00AD8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72D2E	0_2_00C72D2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7EED4	0_2_00C7EED4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6EBF	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBEB0	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C77EA7	0_2_00C77EA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4E2A	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7CE5B	0_2_00C7CE5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8E70	0_2_00AF8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADAE57	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7FC0	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8FD0	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAF10	0_2_00ABAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ACD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ABCAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9994520936468647

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE8220 CoCreateInstance,

0_2_00AE8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 36%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: .RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeh\

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2919936 > 1048576

Source: file.exe

Static PE information: Raw size of ejqelyvn is bigger than: 0x100000 < 0x29f600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ab0000.0.unpack :EW;.rsrc :W;.idata :W;ejqelyvn:EW;edioudlh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;ejqelyvn:EW;edioudlh:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d1616 should be: 0x2cbeb2

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: ejqelyvn
Source: file.exe	Static PE information: section name: edioudlh
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A050 push 1997FF75h; mov dword ptr [esp], esi	0_2_00D2A09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A050 push 179FCFF1h; mov dword ptr [esp], edi	0_2_00D2A10D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C44060 push edx; mov dword ptr [esp], 532D3735h	0_2_00C440E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9E06C push 6C8F5336h; mov dword ptr [esp], esi	0_2_00D9E08F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D29014 push 289733ADh; mov dword ptr [esp], edx	0_2_00D29075
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA9180 push 54CDE77Fh; mov dword ptr [esp], ecx	0_2_00CA91A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ecx; mov dword ptr [esp], esp	0_2_00C762FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebp; mov dword ptr [esp], edx	0_2_00C76308
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebx; mov dword ptr [esp], esi	0_2_00C7630C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 5AE0889Dh; mov dword ptr [esp], edx	0_2_00C76369
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push esi; mov dword ptr [esp], 7FD7DC46h	0_2_00C76383
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push esi; mov dword ptr [esp], eax	0_2_00C76400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push esi; mov dword ptr [esp], eax	0_2_00C7654C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push edi; mov dword ptr [esp], edx	0_2_00C76550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push esi; mov dword ptr [esp], 7A41E3A4h	0_2_00C7658E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebp; mov dword ptr [esp], ebx	0_2_00C766DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push edx; mov dword ptr [esp], edi	0_2_00C766E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 3687CB92h; mov dword ptr [esp], edi	0_2_00C7670D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebp; mov dword ptr [esp], edi	0_2_00C76722
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 75195E1Dh; mov dword ptr [esp], edx	0_2_00C767A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ecx; mov dword ptr [esp], eax	0_2_00C767D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push eax; mov dword ptr [esp], edi	0_2_00C768B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 46499295h; mov dword ptr [esp], ebp	0_2_00C768D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 7195E0F2h; mov dword ptr [esp], ebx	0_2_00C76921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 797C6C0Ch; mov dword ptr [esp], ecx	0_2_00C7699B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebp; mov dword ptr [esp], 0000009Ch	0_2_00C769A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ecx; mov dword ptr [esp], 07FBCC51h	0_2_00C76A1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push ebx; mov dword ptr [esp], edx	0_2_00C76A7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 0FFE9919h; mov dword ptr [esp], edi	0_2_00C76B70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 62B47362h; mov dword ptr [esp], esi	0_2_00C76C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C762F1 push 56171AEEh; mov dword ptr [esp], ecx	0_2_00C76C18

Source: file.exe

Static PE information: section name: entropy: 7.977375415394604

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8441F second address: C8442A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 js 00007FB77107EAD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8442A second address: C8444C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB770B5FD58h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8444C second address: C84450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8456B second address: C8456F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8456F second address: C84593 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FB77107EAE3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB77107EADBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84718 second address: C8471C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C849FA second address: C849FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C849FE second address: C84A10 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FB770B5FD48h 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88626 second address: C8862C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C886D3 second address: C88778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov ch, 8Ah 0x00000008 push 00000000h 0x0000000a jc 00007FB770B5FD49h 0x00000010 push 3140BD7Fh 0x00000015 push esi 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FB770B5FD58h 0x0000001e popad 0x0000001f pop esi 0x00000020 xor dword ptr [esp], 3140BDFFh 0x00000027 pushad 0x00000028 mov ebx, 72D5F08Ah 0x0000002d popad 0x0000002e push 00000003h 0x00000030 mov dword ptr [ebp+122D1C57h], eax 0x00000036 push 00000000h 0x00000038 sub dword ptr [ebp+122D1C4Bh], esi 0x0000003e push 00000003h 0x00000040 push 00000000h 0x00000042 push edi 0x00000043 call 00007FB770B5FD48h 0x00000048 pop edi 0x00000049 mov dword ptr [esp+04h], edi 0x0000004d add dword ptr [esp+04h], 0000001Dh 0x00000055 inc edi 0x00000056 push edi 0x00000057 ret 0x00000058 pop edi 0x00000059 ret 0x0000005a mov cl, 5Dh 0x0000005c call 00007FB770B5FD49h 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 jmp 00007FB770B5FD59h 0x00000069 push ebx 0x0000006a pop ebx 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88778 second address: C8877E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8877E second address: C8879D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB770B5FD54h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8879D second address: C887C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB77107EADBh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C887C8 second address: C887FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jne 00007FB770B5FD46h 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007FB770B5FD58h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C887FA second address: C88801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8889C second address: C888A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C888A2 second address: C888CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 nop 0x00000007 jmp 00007FB77107EADDh 0x0000000c push 00000000h 0x0000000e and cx, 6A00h 0x00000013 push 54072422h 0x00000018 push eax 0x00000019 push edx 0x0000001a jg 00007FB77107EAD8h 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C888CC second address: C88939 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB770B5FD48h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 540724A2h 0x00000013 sbb edi, 564C6080h 0x00000019 push 00000003h 0x0000001b call 00007FB770B5FD54h 0x00000020 mov ecx, eax 0x00000022 pop ecx 0x00000023 mov esi, dword ptr [ebp+122D3107h] 0x00000029 push 00000000h 0x0000002b mov cl, al 0x0000002d mov esi, dword ptr [ebp+122D31F1h] 0x00000033 push 00000003h 0x00000035 call 00007FB770B5FD49h 0x0000003a push ecx 0x0000003b jmp 00007FB770B5FD4Fh 0x00000040 pop ecx 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jne 00007FB770B5FD4Ch 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88939 second address: C8895C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB77107EADEh 0x00000008 jng 00007FB77107EAD6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8895C second address: C88977 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jo 00007FB770B5FD46h 0x0000000d pop edx 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 je 00007FB770B5FD46h 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88977 second address: C889D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jbe 00007FB77107EAE2h 0x00000014 pop eax 0x00000015 mov esi, 0486865Fh 0x0000001a mov esi, edx 0x0000001c lea ebx, dword ptr [ebp+1244854Ah] 0x00000022 push 00000000h 0x00000024 push edx 0x00000025 call 00007FB77107EAD8h 0x0000002a pop edx 0x0000002b mov dword ptr [esp+04h], edx 0x0000002f add dword ptr [esp+04h], 0000001Ah 0x00000037 inc edx 0x00000038 push edx 0x00000039 ret 0x0000003a pop edx 0x0000003b ret 0x0000003c sub dword ptr [ebp+122D1CD1h], edi 0x00000042 xchg eax, ebx 0x00000043 pushad 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 pop edx 0x00000048 push esi 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C889D6 second address: C889F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB770B5FD55h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88A45 second address: C88A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88A49 second address: C88A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88A4F second address: C88A70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB77107EAE5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88A70 second address: C88AB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b and di, EDE8h 0x00000010 clc 0x00000011 push 00000000h 0x00000013 call 00007FB770B5FD56h 0x00000018 cld 0x00000019 pop ecx 0x0000001a call 00007FB770B5FD49h 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88BBC second address: C88BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88BCA second address: C88BE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C88BE8 second address: C88BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74328 second address: C74347 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB770B5FD53h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7485 second address: CA7493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB77107EAD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7493 second address: CA7497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7A65 second address: CA7A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7A6F second address: CA7A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7A75 second address: CA7A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7A79 second address: CA7A83 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB770B5FD46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7BE0 second address: CA7BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7BE4 second address: CA7BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD51h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7E7C second address: CA7E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE4h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7E95 second address: CA7E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8018 second address: CA8029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jnc 00007FB77107EAD6h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8029 second address: CA802E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA830B second address: CA831A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FB77107EAD6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA85AE second address: CA85BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB770B5FD46h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA85BD second address: CA85C9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB77107EAD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA85C9 second address: CA85D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FB770B5FD46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA85D3 second address: CA85F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FB77107EAD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FB77107EADCh 0x00000012 js 00007FB77107EAD6h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA85F2 second address: CA8611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007FB770B5FD58h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F747 second address: C9F763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EAE7h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA87B3 second address: CA87B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8D91 second address: CA8DC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FB77107EAE1h 0x0000000c jmp 00007FB77107EAE8h 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8DC8 second address: CA8DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8DCE second address: CA8DDC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FB77107EADCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8DDC second address: CA8DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8F78 second address: CA8F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FB77107EAD6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75DE2 second address: C75DF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD51h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75DF7 second address: C75DFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75DFB second address: C75E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB770B5FD46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75E0B second address: C75E11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF697 second address: CAF69D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF771 second address: CAF775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF775 second address: CAF787 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FB770B5FD46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF787 second address: CAF7AE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FB77107EAE6h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF8CD second address: CAF8D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1744 second address: CB1768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FB77107EAE9h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1768 second address: CB177F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FB770B5FD51h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB177F second address: CB1789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FB77107EAD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E3E3 second address: C7E41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB770B5FD4Ch 0x0000000a jmp 00007FB770B5FD57h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007FB770B5FD46h 0x0000001a jnp 00007FB770B5FD46h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E41B second address: C7E42B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jo 00007FB77107EAD6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E42B second address: C7E442 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD51h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E442 second address: C7E450 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB77107EAD8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E450 second address: C7E456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E456 second address: C7E45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB43DA second address: CB43E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB43E0 second address: CB43E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB43E4 second address: CB43E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB49C4 second address: CB49C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B3B second address: CB4B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD53h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B52 second address: CB4B70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FB77107EAD8h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B70 second address: CB4B89 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB770B5FD53h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4CD6 second address: CB4CE2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007FB77107EAD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4CE2 second address: CB4CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FB770B5FD46h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4CF2 second address: CB4CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8620 second address: CB8625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8922 second address: CB8928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8928 second address: CB892F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8A55 second address: CB8A72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9062 second address: CB907B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB770B5FD51h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB907B second address: CB907F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB907F second address: CB90C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FB770B5FD48h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 or esi, dword ptr [ebp+122D1CDBh] 0x00000028 nop 0x00000029 pushad 0x0000002a jmp 00007FB770B5FD58h 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB90C9 second address: CB90DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FB77107EAD6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9247 second address: CB9251 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9251 second address: CB9272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007FB77107EAF2h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9272 second address: CB9276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9320 second address: CB932A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB932A second address: CB9343 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jno 00007FB770B5FD46h 0x00000012 je 00007FB770B5FD46h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB956D second address: CB9571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9571 second address: CB958B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB770B5FD52h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB958B second address: CB958F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBAA64 second address: CBAA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007FB770B5FD4Eh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jl 00007FB770B5FD46h 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 jbe 00007FB770B5FD46h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBAA81 second address: CBAA85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB086 second address: CBB08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB08A second address: CBB13F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FB77107EAE6h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FB77107EAD8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 jmp 00007FB77107EAE5h 0x0000002d push 00000000h 0x0000002f jmp 00007FB77107EAE6h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007FB77107EAD8h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 jmp 00007FB77107EAE7h 0x00000059 jmp 00007FB77107EADAh 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBAFF second address: CBBB24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FB770B5FD54h 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007FB770B5FD46h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCBA8 second address: CBCBAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCC44 second address: CBCC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE12B second address: CBE12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFA9B second address: CBFA9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFA9F second address: CBFAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC08D4 second address: CC08D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1508 second address: CC150C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4DC7 second address: CC4DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FB770B5FD51h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f jl 00007FB770B5FD4Bh 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+124464EFh] 0x0000001d push eax 0x0000001e push esi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4009 second address: CC402A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FB77107EAD6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4F8D second address: CC4F92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5090 second address: CC50A5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB77107EADCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5FF1 second address: CC5FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6F52 second address: CC6F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FB77107EAD6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6F62 second address: CC6F66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6F66 second address: CC6F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5FF7 second address: CC609F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FB770B5FD48h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 sub bh, FFFFFFA8h 0x00000028 ja 00007FB770B5FD46h 0x0000002e push dword ptr fs:[00000000h] 0x00000035 call 00007FB770B5FD4Ah 0x0000003a sbb bl, 0000005Fh 0x0000003d pop edi 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 mov ebx, edx 0x00000047 mov eax, dword ptr [ebp+122D0995h] 0x0000004d push 00000000h 0x0000004f push ecx 0x00000050 call 00007FB770B5FD48h 0x00000055 pop ecx 0x00000056 mov dword ptr [esp+04h], ecx 0x0000005a add dword ptr [esp+04h], 0000001Ah 0x00000062 inc ecx 0x00000063 push ecx 0x00000064 ret 0x00000065 pop ecx 0x00000066 ret 0x00000067 jmp 00007FB770B5FD58h 0x0000006c mov dword ptr [ebp+122D1D57h], eax 0x00000072 push FFFFFFFFh 0x00000074 mov edi, dword ptr [ebp+122D367Dh] 0x0000007a nop 0x0000007b jnp 00007FB770B5FD50h 0x00000081 push eax 0x00000082 push edx 0x00000083 pushad 0x00000084 popad 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7F89 second address: CC7FA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7FA3 second address: CC7FC0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FB770B5FD51h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7FC0 second address: CC7FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7FC7 second address: CC805D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov ebx, dword ptr [ebp+122D32A0h] 0x0000000f and ebx, dword ptr [ebp+122D3053h] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov dword ptr [ebp+122D1F0Ch], ecx 0x00000022 mov edi, dword ptr [ebp+122D1C40h] 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+122D1BF7h], ecx 0x00000035 mov eax, dword ptr [ebp+122D0725h] 0x0000003b push 00000000h 0x0000003d push ebp 0x0000003e call 00007FB770B5FD48h 0x00000043 pop ebp 0x00000044 mov dword ptr [esp+04h], ebp 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc ebp 0x00000051 push ebp 0x00000052 ret 0x00000053 pop ebp 0x00000054 ret 0x00000055 mov dword ptr [ebp+1244C2DEh], esi 0x0000005b cld 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push ebp 0x00000061 call 00007FB770B5FD48h 0x00000066 pop ebp 0x00000067 mov dword ptr [esp+04h], ebp 0x0000006b add dword ptr [esp+04h], 00000014h 0x00000073 inc ebp 0x00000074 push ebp 0x00000075 ret 0x00000076 pop ebp 0x00000077 ret 0x00000078 mov edi, dword ptr [ebp+122D2E37h] 0x0000007e nop 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 jg 00007FB770B5FD46h 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC805D second address: CC8063 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8FB4 second address: CC8FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8FB8 second address: CC8FC2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCAD76 second address: CCAD7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8FC2 second address: CC9057 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FB77107EAD8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push ebx 0x00000025 push eax 0x00000026 pop ebx 0x00000027 pop ebx 0x00000028 call 00007FB77107EADEh 0x0000002d pop edi 0x0000002e push dword ptr fs:[00000000h] 0x00000035 jp 00007FB77107EADCh 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 adc ebx, 0063B664h 0x00000048 push ecx 0x00000049 movzx edi, dx 0x0000004c pop edi 0x0000004d mov eax, dword ptr [ebp+122D0979h] 0x00000053 mov ebx, 23735D72h 0x00000058 push FFFFFFFFh 0x0000005a mov edi, dword ptr [ebp+122D1E5Dh] 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 jo 00007FB77107EAE2h 0x00000069 jmp 00007FB77107EADCh 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCC9E second address: CCCCA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCA2 second address: CCCCAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCAF second address: CCCCB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCCB3 second address: CCCD41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007FB77107EAD6h 0x00000010 pop eax 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FB77107EAD8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d add dword ptr [ebp+122D1F61h], ecx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007FB77107EAD8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000015h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 and ebx, dword ptr [ebp+122D2DDBh] 0x00000058 pop edi 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jns 00007FB77107EAE1h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCD41 second address: CCCD48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDC9F second address: CCDCB4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007FB77107EAD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCB4 second address: CCDCC3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FB770B5FD46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCECB3 second address: CCECB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCECB9 second address: CCECD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFBFC second address: CCFC49 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, 3ADBE836h 0x0000000e mov edi, 20BF72A4h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FB77107EAD8h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f sub edi, 6C62D252h 0x00000035 push 00000000h 0x00000037 mov bx, dx 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e push ebx 0x0000003f pop ebx 0x00000040 jnp 00007FB77107EAD6h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFC49 second address: CCFC54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FB770B5FD46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFC54 second address: CCFC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0D13 second address: CD0D19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0D19 second address: CD0D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0D1D second address: CD0D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub dword ptr [ebp+122D5AB3h], edi 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FB770B5FD48h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b jne 00007FB770B5FD4Ch 0x00000031 push 00000000h 0x00000033 movzx edi, di 0x00000036 xchg eax, esi 0x00000037 push ebx 0x00000038 jmp 00007FB770B5FD4Bh 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCE1C second address: CCCEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FB77107EAD8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov edi, 6CCB6CE4h 0x00000028 push dword ptr fs:[00000000h] 0x0000002f stc 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007FB77107EAD8h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 0000001Bh 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 mov ebx, dword ptr [ebp+122D3093h] 0x00000057 mov edi, dword ptr [ebp+122D2CDFh] 0x0000005d movzx ebx, si 0x00000060 mov eax, dword ptr [ebp+122D0BE9h] 0x00000066 mov edi, dword ptr [ebp+12445A8Ch] 0x0000006c push FFFFFFFFh 0x0000006e jng 00007FB77107EADAh 0x00000074 push ebx 0x00000075 push ecx 0x00000076 pop ebx 0x00000077 pop edi 0x00000078 nop 0x00000079 pushad 0x0000007a pushad 0x0000007b je 00007FB77107EAD6h 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDF82 second address: CCDF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCEAB second address: CCCECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FB77107EAE2h 0x0000000b pop edx 0x0000000c popad 0x0000000d push eax 0x0000000e push edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCCECA second address: CCCED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFEDD second address: CCFEE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2D01 second address: CD2D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFEE1 second address: CCFEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2D05 second address: CD2D62 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c xor di, 6DA0h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FB770B5FD48h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f xor dword ptr [ebp+122D1D57h], edx 0x00000035 mov edi, 4CF278EDh 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c pushad 0x0000003d jmp 00007FB770B5FD55h 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0FA3 second address: CD0FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77107EAE3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9EDD second address: CD9EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD50h 0x00000009 popad 0x0000000a jl 00007FB770B5FD64h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9EFD second address: CD9F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9F09 second address: CD9F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC70B second address: CDC72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007FB77107EADAh 0x0000000a jmp 00007FB77107EADBh 0x0000000f pop esi 0x00000010 pop ecx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC72E second address: CDC77B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD59h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FB770B5FD58h 0x00000011 jmp 00007FB770B5FD53h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC77B second address: CDC783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C793FB second address: C793FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C793FF second address: C79403 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79403 second address: C79409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79409 second address: C7940F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFD57 second address: CDFD70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 popad 0x0000000a push eax 0x0000000b jo 00007FB770B5FD54h 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FB770B5FD46h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFD70 second address: CDFD86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jbe 00007FB77107EAD6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE57BF second address: CE57C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE57C7 second address: CE57CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE57CE second address: CE57DA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB770B5FD4Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE57DA second address: CE57E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jns 00007FB77107EAD6h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE5F2A second address: CE5F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD53h 0x00000009 push edi 0x0000000a pushad 0x0000000b jnl 00007FB770B5FD46h 0x00000011 jmp 00007FB770B5FD57h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE60FE second address: CE6106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE6106 second address: CE610A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE6271 second address: CE6275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE6513 second address: CE654D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD57h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jg 00007FB770B5FD46h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FB770B5FD52h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE654D second address: CE6560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FB77107EAD6h 0x0000000d jnc 00007FB77107EAD6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE6560 second address: CE6566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB06C second address: CEB072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB072 second address: CEB08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB770B5FD46h 0x0000000a popad 0x0000000b js 00007FB770B5FD52h 0x00000011 jg 00007FB770B5FD46h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB349 second address: CEB351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB351 second address: CEB369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB770B5FD4Fh 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB369 second address: CEB36D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB36D second address: CEB39B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FB770B5FD59h 0x0000000e jmp 00007FB770B5FD4Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB39B second address: CEB3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB77107EAD6h 0x0000000a popad 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jno 00007FB77107EAD6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB3B2 second address: CEB3D3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB770B5FD46h 0x00000008 jmp 00007FB770B5FD54h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB3D3 second address: CEB3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB4E9 second address: CEB4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB4F2 second address: CEB4F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB4F6 second address: CEB527 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push edx 0x00000008 pushad 0x00000009 jnc 00007FB770B5FD46h 0x0000000f jmp 00007FB770B5FD51h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jng 00007FB770B5FD46h 0x0000001f jo 00007FB770B5FD46h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB527 second address: CEB52B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB93A second address: CEB940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBBDF second address: CEBBFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB77107EAE6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBBFB second address: CEBC19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD54h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FB770B5FD46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBEAA second address: CEBEBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB77107EAD6h 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBEBD second address: CEBEC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0367 second address: CA037D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FB77107EAD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FB77107EAD6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA037D second address: CA039A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB770B5FD46h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jp 00007FB770B5FD46h 0x00000013 jp 00007FB770B5FD46h 0x00000019 push edi 0x0000001a pop edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEABEF second address: CEABF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEABF5 second address: CEABFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEABFB second address: CEAC0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB77107EAD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAC0C second address: CEAC10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAC10 second address: CEAC20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007FB77107EAD6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAC20 second address: CEAC24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7798B second address: C7799A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 js 00007FB77107EAD6h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7799A second address: C779D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD55h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FB770B5FD56h 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FB770B5FD4Eh 0x0000001d js 00007FB770B5FD48h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C779D8 second address: C779DD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0C5F second address: CF0C7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB770B5FD51h 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0C7C second address: CF0C8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FB77107EAD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0F7D second address: CF0FA9 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB770B5FD46h 0x00000008 jmp 00007FB770B5FD52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FB770B5FD4Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0FA9 second address: CF0FBB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 ja 00007FB77107EB0Ch 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0FBB second address: CF0FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0FC3 second address: CF0FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0FC9 second address: CF0FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007FB770B5FD58h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF16A4 second address: CF16C4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB77107EAD6h 0x00000008 jmp 00007FB77107EADDh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jne 00007FB77107EADCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1847 second address: CF184F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF184F second address: CF1855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1855 second address: CF185F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF185F second address: CF1865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1865 second address: CF186B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1CC0 second address: CF1CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB77107EAD6h 0x0000000a jmp 00007FB77107EAE2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5D8C second address: CF5DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB770B5FD46h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007FB770B5FD53h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5DB0 second address: CF5DCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE2h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF94FA second address: CF9506 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB770B5FD46h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB25 second address: CFDB49 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB77107EAD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB77107EAE2h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB49 second address: CFDB51 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB51 second address: CFDB57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB57 second address: CFDB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB5B second address: CFDB5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDB5F second address: CFDB6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6B67 second address: C9F747 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push ebx 0x0000000c jp 00007FB77107EAD8h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FB77107EAD8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 cld 0x00000031 mov edx, eax 0x00000033 lea eax, dword ptr [ebp+12476959h] 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007FB77107EAD8h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 0000001Ah 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 nop 0x00000054 jmp 00007FB77107EADFh 0x00000059 push eax 0x0000005a jmp 00007FB77107EAE9h 0x0000005f nop 0x00000060 mov dword ptr [ebp+122D32AAh], ebx 0x00000066 call dword ptr [ebp+122D1CBDh] 0x0000006c push eax 0x0000006d push edx 0x0000006e push edx 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7106 second address: CB710B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB710B second address: CB7112 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7226 second address: CB722B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB722B second address: CB7231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB73D8 second address: CB7431 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FB770B5FD46h 0x00000009 jmp 00007FB770B5FD4Ah 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], esi 0x00000014 jnc 00007FB770B5FD50h 0x0000001a nop 0x0000001b jl 00007FB770B5FD4Eh 0x00000021 push edx 0x00000022 jnc 00007FB770B5FD46h 0x00000028 pop edx 0x00000029 push eax 0x0000002a pushad 0x0000002b jns 00007FB770B5FD57h 0x00000031 jl 00007FB770B5FD4Ch 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7641 second address: CB7647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7647 second address: CB7670 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 jmp 00007FB770B5FD58h 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7670 second address: CB7681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77107EADDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7681 second address: CB76A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 stc 0x0000000a push ecx 0x0000000b pushad 0x0000000c mov ecx, dword ptr [ebp+122D2DF3h] 0x00000012 sub bl, FFFFFFCBh 0x00000015 popad 0x00000016 pop edi 0x00000017 push 00000004h 0x00000019 mov dl, 2Bh 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push edi 0x00000020 pop edi 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB79D0 second address: CB79D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7D57 second address: CB7DC1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB770B5FD4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c jne 00007FB770B5FD4Ch 0x00000012 pop esi 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 je 00007FB770B5FD5Bh 0x0000001d jmp 00007FB770B5FD55h 0x00000022 mov eax, dword ptr [eax] 0x00000024 jno 00007FB770B5FD52h 0x0000002a mov dword ptr [esp+04h], eax 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FB770B5FD52h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7E77 second address: CB7E8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77107EAE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7E8B second address: CB7F03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jnl 00007FB770B5FD4Ah 0x00000012 nop 0x00000013 or edi, dword ptr [ebp+122D1C89h] 0x00000019 lea eax, dword ptr [ebp+1247699Dh] 0x0000001f push 00000000h 0x00000021 push ecx 0x00000022 call 00007FB770B5FD48h 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], ecx 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc ecx 0x00000035 push ecx 0x00000036 ret 0x00000037 pop ecx 0x00000038 ret 0x00000039 pushad 0x0000003a jng 00007FB770B5FD47h 0x00000040 stc 0x00000041 or dword ptr [ebp+12448E23h], edx 0x00000047 popad 0x00000048 push eax 0x00000049 pushad 0x0000004a jmp 00007FB770B5FD4Eh 0x0000004f push eax 0x00000050 push edx 0x00000051 push esi 0x00000052 pop esi 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7F03 second address: CA0367 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FB77107EAD8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 movsx ecx, dx 0x0000002b call 00007FB77107EADEh 0x00000030 mov cx, di 0x00000033 pop edi 0x00000034 lea eax, dword ptr [ebp+12476959h] 0x0000003a jmp 00007FB77107EADFh 0x0000003f push eax 0x00000040 push esi 0x00000041 jmp 00007FB77107EADFh 0x00000046 pop esi 0x00000047 mov dword ptr [esp], eax 0x0000004a xor dword ptr [ebp+122D5AAEh], eax 0x00000050 mov cx, D881h 0x00000054 call dword ptr [ebp+122D31E8h] 0x0000005a push esi 0x0000005b je 00007FB77107EADCh 0x00000061 jnc 00007FB77107EAD6h 0x00000067 pop esi 0x00000068 pushad 0x00000069 push eax 0x0000006a push edx 0x0000006b jno 00007FB77107EAD6h 0x00000071 jp 00007FB77107EAD6h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCC50 second address: CFCC56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCC56 second address: CFCC5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCC5A second address: CFCC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCC60 second address: CFCC7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB77107EAE2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCF60 second address: CFCF65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCF65 second address: CFCF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EAE3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCF7E second address: CFCF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCF94 second address: CFCFB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EAE0h 0x00000009 jmp 00007FB77107EADEh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD135 second address: CFD14F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD56h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD525 second address: CFD529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD529 second address: CFD537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FB770B5FD46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD537 second address: CFD556 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FB77107EAE6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD6EE second address: CFD6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD6F2 second address: CFD71B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77107EADDh 0x00000010 jnp 00007FB77107EAD6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD71B second address: CFD72B instructions: 0x00000000 rdtsc 0x00000002 je 00007FB770B5FD46h 0x00000008 je 00007FB770B5FD46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFFD9 second address: CFFFDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFFDE second address: CFFFF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB770B5FD51h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFFF5 second address: D00007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FB77107EB0Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00007 second address: D0000D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFCF9 second address: CFFCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFCFD second address: CFFD01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C9BA second address: C7C9C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02A31 second address: D02A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02A3F second address: D02A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05352 second address: D05356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05356 second address: D0535C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0535C second address: D0536E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB770B5FD48h 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FB770B5FD46h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0AC73 second address: D0AC77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0AC77 second address: D0ACA3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB770B5FD46h 0x00000008 jmp 00007FB770B5FD52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FB770B5FD4Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0ACA3 second address: D0ACB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EADFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09830 second address: D09850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD55h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09850 second address: D0985D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007FB77107EADEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0985D second address: D09878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB770B5FD53h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7869 second address: CB786E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB786E second address: CB7878 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB770B5FD4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7878 second address: CB7892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 clc 0x0000000a push 00000004h 0x0000000c pushad 0x0000000d cld 0x0000000e mov edi, 54C6C980h 0x00000013 popad 0x00000014 nop 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09D6A second address: D09D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09D6E second address: D09D72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09ED1 second address: D09ED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09ED5 second address: D09EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FB77107EADBh 0x0000000c jns 00007FB77107EAD6h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09EEE second address: D09F11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007FB770B5FD46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A998 second address: D0A99C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D6B2 second address: D0D6B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70DF2 second address: C70DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70DF6 second address: C70E2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB770B5FD59h 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D120BC second address: D120C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D120C4 second address: D120C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1220A second address: D12216 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnc 00007FB77107EAD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D12216 second address: D12220 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB770B5FD52h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D124F7 second address: D12510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CD0 second address: D17D22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007FB770B5FD46h 0x0000000b jmp 00007FB770B5FD4Ch 0x00000010 jmp 00007FB770B5FD4Ah 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FB770B5FD55h 0x0000001d jmp 00007FB770B5FD59h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17D22 second address: D17D28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1830C second address: D18314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D18314 second address: D18336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EAE5h 0x00000009 jp 00007FB77107EAD6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D18C0D second address: D18C11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19206 second address: D1920C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D194C8 second address: D194CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D19771 second address: D197AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB77107EAE9h 0x0000000a pushad 0x0000000b jmp 00007FB77107EAE7h 0x00000010 jng 00007FB77107EAD6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D197AF second address: D197BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D197BB second address: D197CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FB77107EADEh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E844 second address: D1E850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB770B5FD46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DF87 second address: D1DFB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE8h 0x00000007 jmp 00007FB77107EADDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DFB4 second address: D1DFCA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB770B5FD4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DFCA second address: D1DFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DFD0 second address: D1DFD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DFD4 second address: D1DFF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77107EAE5h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1DFF7 second address: D1E002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB770B5FD46h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E002 second address: D1E00D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007FB77107EAD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E182 second address: D1E186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E186 second address: D1E1A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB77107EAE9h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E1A5 second address: D1E1CD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB770B5FD63h 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E1CD second address: D1E1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E4D2 second address: D1E4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E4DA second address: D1E52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB77107EAE3h 0x0000000a jng 00007FB77107EADEh 0x00000010 push esi 0x00000011 pop esi 0x00000012 jbe 00007FB77107EAD6h 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007FB77107EAE9h 0x00000022 jmp 00007FB77107EADBh 0x00000027 popad 0x00000028 pushad 0x00000029 push edi 0x0000002a pop edi 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E52F second address: D1E535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A9A2 second address: D2A9D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB77107EAE2h 0x0000000a jc 00007FB77107EAD8h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB77107EADFh 0x0000001a push ecx 0x0000001b push edx 0x0000001c pop edx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D291B9 second address: D291C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D291C1 second address: D291D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FB77107EAD6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D291D0 second address: D291D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D291D4 second address: D29203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB77107EAD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007FB77107EAD8h 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB77107EAE8h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29339 second address: D29375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB770B5FD59h 0x0000000e jp 00007FB770B5FD52h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29375 second address: D2937B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294B6 second address: D294D3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB770B5FD57h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294D3 second address: D294DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294DB second address: D294DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D294DF second address: D294E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A135 second address: D2A13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A13C second address: D2A15C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EAE7h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A15C second address: D2A160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A86F second address: D2A874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A874 second address: D2A87D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D321D6 second address: D321E8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FB77107EADCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31B64 second address: D31B81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31B81 second address: D31B9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FB77107EAD6h 0x0000000a jmp 00007FB77107EAE0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31B9B second address: D31BB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007FB770B5FD4Eh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31BB9 second address: D31BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB77107EAD6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46B66 second address: D46B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46B6A second address: D46BCE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB77107EAE4h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 jmp 00007FB77107EAE9h 0x00000016 pop eax 0x00000017 jne 00007FB77107EAFAh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4679E second address: D467A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D467A5 second address: D467D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77107EAE9h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB77107EAE2h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D467D4 second address: D467E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD4Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54E35 second address: D54E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54E3C second address: D54E63 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB770B5FD58h 0x00000008 pushad 0x00000009 jmp 00007FB770B5FD4Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54E63 second address: D54E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB77107EAD6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FB77107EAD8h 0x00000015 push edi 0x00000016 pop edi 0x00000017 je 00007FB77107EADEh 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54E84 second address: D54E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54E88 second address: D54E9E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB77107EADCh 0x00000008 jns 00007FB77107EADCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56DEB second address: D56DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007FB770B5FD4Dh 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56C92 second address: D56C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56C97 second address: D56CAA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB770B5FD4Ch 0x00000008 jnl 00007FB770B5FD46h 0x0000000e push eax 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D83F second address: D5D847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5DB38 second address: D5DB5B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB770B5FD59h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5DD28 second address: D5DD2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5EA78 second address: D5EA95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD53h 0x00000007 jl 00007FB770B5FD46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6204C second address: D6205F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77107EADFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6205F second address: D62069 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB770B5FD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D65762 second address: D6577E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77107EAE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6577E second address: D65782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D652D4 second address: D652D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D652D8 second address: D652EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770B5FD53h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D652EF second address: D652F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D652F5 second address: D652FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D652FB second address: D65301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D730CD second address: D730D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82FAF second address: D82FD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jp 00007FB77107EAD6h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB77107EADFh 0x00000013 jbe 00007FB77107EAD6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82FD2 second address: D82FD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84E2F second address: D84E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84E33 second address: D84E6A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB770B5FD46h 0x00000008 jmp 00007FB770B5FD52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FB770B5FD50h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84E6A second address: D84E70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84E70 second address: D84E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84E79 second address: D84E7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84A1A second address: D84A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FB770B5FD55h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 jo 00007FB770B5FD52h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EA58 second address: D9EA5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D841 second address: D9D860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD56h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D860 second address: D9D866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D866 second address: D9D86A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9DCDF second address: D9DCE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E107 second address: D9E10C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E10C second address: D9E12A instructions: 0x00000000 rdtsc 0x00000002 je 00007FB77107EAE2h 0x00000008 jl 00007FB77107EAD6h 0x0000000e jp 00007FB77107EAD6h 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007FB77107EAD6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E12A second address: D9E12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E5A1 second address: D9E5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E5A5 second address: D9E5AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E5AF second address: D9E5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E71E second address: D9E724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E724 second address: D9E728 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E728 second address: D9E74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770B5FD59h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E74D second address: D9E78B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB77107EADCh 0x00000008 jns 00007FB77107EAD6h 0x0000000e pushad 0x0000000f jnl 00007FB77107EAD6h 0x00000015 jc 00007FB77107EAD6h 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push ecx 0x0000001f push eax 0x00000020 pushad 0x00000021 popad 0x00000022 pop eax 0x00000023 pushad 0x00000024 jmp 00007FB77107EAE8h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA01A5 second address: DA01B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FB770B5FD46h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DF8 second address: DA2E31 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB77107EAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FB77107EAE7h 0x00000010 push 00000004h 0x00000012 mov dword ptr [ebp+122D1DF7h], ecx 0x00000018 push 205AC12Ah 0x0000001d jc 00007FB77107EAE8h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2E31 second address: DA2E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA44C9 second address: DA451D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FB77107EAE7h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB77107EAE6h 0x00000013 jmp 00007FB77107EAE8h 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA63CC second address: DA63D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA63D8 second address: DA63E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB77107EAD6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA63E4 second address: DA63E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA63E8 second address: DA63F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnl 00007FB77107EAD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0C85 second address: 53D0C8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0C8B second address: 53D0C91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0C91 second address: 53D0C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0C95 second address: 53D0CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e jmp 00007FB77107EAE4h 0x00000013 test ecx, ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 mov di, si 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0CBF second address: 53D0D18 instructions: 0x00000000 rdtsc 0x00000002 mov si, C81Fh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov bx, si 0x0000000b popad 0x0000000c jns 00007FB770B5FD97h 0x00000012 pushad 0x00000013 jmp 00007FB770B5FD4Ch 0x00000018 pushfd 0x00000019 jmp 00007FB770B5FD52h 0x0000001e sbb ecx, 7FA288B8h 0x00000024 jmp 00007FB770B5FD4Bh 0x00000029 popfd 0x0000002a popad 0x0000002b add eax, ecx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 call 00007FB770B5FD4Bh 0x00000035 pop eax 0x00000036 mov ah, bl 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0D18 second address: 53D0D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ch, dl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax+00000860h] 0x00000010 jmp 00007FB77107EAE6h 0x00000015 test eax, eax 0x00000017 jmp 00007FB77107EAE0h 0x0000001c je 00007FB7E1074AE5h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov di, 20C0h 0x00000029 push ebx 0x0000002a pop esi 0x0000002b popad 0x0000002c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B13D85 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CAF614 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D37B4C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7464

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1424569065.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432126089.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432126089.0000000001546000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe	Binary or memory string: \\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF5BB0 LdrInitializeThunk,

0_2_00AF5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, file.exe, 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: AProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	5 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
sergei-esenin.com	172.67.206.204	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown
https://sergei-esenin.com/api	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000003.1424712895.0000000001584000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://mobbipenju.store/api	file.exe, 00000000.00000002.1432126089.000000000152A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apibR	file.exe, 00000000.00000003.1424712895.0000000001584000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001584000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/apip	file.exe, 00000000.00000003.1424569065.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001571000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432453116.0000000001571000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1432126089.0000000001546000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/badges	file.exe, 00000000.00000003.1424569065.0000000001544000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1424507700.00000000015C1000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true
172.67.206.204	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538296
Start date and time:	2024-10-20 23:41:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
17:42:23	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm
172.67.206.204	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	2WWOAq4c3b.exe	Get hash	malicious	LummaC	Browse
	EY2raBetTi.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	Download.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.53.8
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.3.1.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SentinelOculus.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	SecuriteInfo.com.Win64.MalwareX-gen.7443.30781.exe	Get hash	malicious	Unknown	Browse	172.67.72.57
	SecuriteInfo.com.Win64.MalwareX-gen.16492.21964.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.Evo-gen.6030.29502.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
	SecuriteInfo.com.Win64.MalwareX-gen.11163.24254.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.DropperX-gen.18606.18356.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Win64.DropperX-gen.5372.31408.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
	SecuriteInfo.com.Win64.MalwareX-gen.10159.8143.exe	Get hash	malicious	Unknown	Browse	104.26.0.5
	SecuriteInfo.com.FileRepMalware.16016.24947.exe	Get hash	malicious	Unknown	Browse	172.67.72.57
	SecuriteInfo.com.Win64.MalwareX-gen.6639.30242.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	bin.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	23.218.148.10
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.3.1.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	WinFIG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	WinFIG-2024.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	SecuriteInfo.com.Win64.MalwareX-gen.16492.21964.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.Evo-gen.6030.29502.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.11163.24254.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.10159.8143.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.FileRepMalware.16016.24947.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.6639.30242.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.MalwareX-gen.25010.24037.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win64.Evo-gen.24402.15705.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe	Get hash	malicious	Unknown	Browse	104.102.49.254 172.67.206.204

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.558035822813601
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'919'936 bytes
MD5:	878b753b8c22d7782cb0e5c6be782615
SHA1:	a821b0cc3e11b8f68243244e5d2974b09663e02d
SHA256:	4cea700652bb60495c8fa817eb305c945b6ace97c21a0d59091251ff45b92a3e
SHA512:	32574e699af9e715a968e4a2a4f3bd0e82a3ce1c1f63b3783d7359b84aa9b1f9fcfb7d30ea766bcc0d3b8f56ea620b96ddc3cd321e407b59bc607a22d9b79ead
SSDEEP:	49152:hFIn2LVRHEKP9E+lWPbjlgojnQOm3fhVlyDh:htHJ9E+l4dKlIh
TLSH:	E9D53B61A54972CFE88E27BC8427CD42585D03F9871149C3ECAAB6FEBD67CC015B6D28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@..........................@0.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x701000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB77081429Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	493fbf1b6f97d28665090778f002ebf7	False	0.9994520936468647	data	7.977375415394604	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ejqelyvn	0x60000	0x2a0000	0x29f600	0d7a5fc96ef01f3dc38f1e9d2fc668a0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
edioudlh	0x300000	0x1000	0x600	15071ae1b201db62def18da9b9d65ecd	False	0.5774739583333334	data	5.0496729484938685	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x301000	0x3000	0x2200	5df1bf6b632dca7738540f2db9e2cdfc	False	0.06364889705882353	DOS executable (COM)	0.755494656949782	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-20T23:42:24.183859+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.9	51689	1.1.1.1	53	UDP
2024-10-20T23:42:24.199613+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.9	54412	1.1.1.1	53	UDP
2024-10-20T23:42:24.212697+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.9	63316	1.1.1.1	53	UDP
2024-10-20T23:42:24.225121+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.9	64704	1.1.1.1	53	UDP
2024-10-20T23:42:24.237050+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.9	65164	1.1.1.1	53	UDP
2024-10-20T23:42:24.248240+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.9	59138	1.1.1.1	53	UDP
2024-10-20T23:42:24.260437+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.9	65095	1.1.1.1	53	UDP
2024-10-20T23:42:24.273460+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.9	63628	1.1.1.1	53	UDP
2024-10-20T23:42:26.150086+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.9	49742	104.102.49.254	443	TCP
2024-10-20T23:42:27.130110+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.9	49752	172.67.206.204	443	TCP
2024-10-20T23:42:27.130110+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49752	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 23:42:24.310009956 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:24.310067892 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:24.310133934 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:24.313245058 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:24.313273907 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:25.378891945 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:25.378952026 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:25.382175922 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:25.382184982 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:25.382421017 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:25.428366899 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:25.479753017 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:25.527404070 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150099993 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150130987 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150162935 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150180101 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150207996 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150247097 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.150283098 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.150298119 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.150329113 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.166274071 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.166301012 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.166388988 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.166419983 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.170521975 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.177464008 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.177526951 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.177598000 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.179141998 CEST	49742	443	192.168.2.9	104.102.49.254
Oct 20, 2024 23:42:26.179160118 CEST	443	49742	104.102.49.254	192.168.2.9
Oct 20, 2024 23:42:26.193310022 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.193361044 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:26.193434000 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.193721056 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.193737030 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:26.963637114 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:26.963705063 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.965320110 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.965327024 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:26.965569019 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:26.966969967 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.967003107 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:26.967041016 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:27.129909992 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:27.129976034 CEST	443	49752	172.67.206.204	192.168.2.9
Oct 20, 2024 23:42:27.130104065 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:27.130218983 CEST	49752	443	192.168.2.9	172.67.206.204
Oct 20, 2024 23:42:27.130243063 CEST	443	49752	172.67.206.204	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 23:42:24.183859110 CEST	51689	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.195173979 CEST	53	51689	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.199613094 CEST	54412	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.208483934 CEST	53	54412	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.212697029 CEST	63316	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.221991062 CEST	53	63316	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.225121021 CEST	64704	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.233989000 CEST	53	64704	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.237050056 CEST	65164	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.246556044 CEST	53	65164	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.248239994 CEST	59138	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.256933928 CEST	53	59138	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.260437012 CEST	65095	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.269761086 CEST	53	65095	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.273459911 CEST	63628	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.289870024 CEST	53	63628	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:24.295094013 CEST	55252	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:24.302587986 CEST	53	55252	1.1.1.1	192.168.2.9
Oct 20, 2024 23:42:26.183722019 CEST	60027	53	192.168.2.9	1.1.1.1
Oct 20, 2024 23:42:26.192558050 CEST	53	60027	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 23:42:24.183859110 CEST	192.168.2.9	1.1.1.1	0x8a32	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.199613094 CEST	192.168.2.9	1.1.1.1	0xc331	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.212697029 CEST	192.168.2.9	1.1.1.1	0xcafd	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.225121021 CEST	192.168.2.9	1.1.1.1	0x3078	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.237050056 CEST	192.168.2.9	1.1.1.1	0xeba5	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.248239994 CEST	192.168.2.9	1.1.1.1	0x679b	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.260437012 CEST	192.168.2.9	1.1.1.1	0x1288	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.273459911 CEST	192.168.2.9	1.1.1.1	0x79e6	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.295094013 CEST	192.168.2.9	1.1.1.1	0x28ef	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:26.183722019 CEST	192.168.2.9	1.1.1.1	0x6353	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 23:42:24.195173979 CEST	1.1.1.1	192.168.2.9	0x8a32	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.208483934 CEST	1.1.1.1	192.168.2.9	0xc331	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.221991062 CEST	1.1.1.1	192.168.2.9	0xcafd	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.233989000 CEST	1.1.1.1	192.168.2.9	0x3078	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.246556044 CEST	1.1.1.1	192.168.2.9	0xeba5	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.256933928 CEST	1.1.1.1	192.168.2.9	0x679b	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.269761086 CEST	1.1.1.1	192.168.2.9	0x1288	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.289870024 CEST	1.1.1.1	192.168.2.9	0x79e6	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:24.302587986 CEST	1.1.1.1	192.168.2.9	0x28ef	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:26.192558050 CEST	1.1.1.1	192.168.2.9	0x6353	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 20, 2024 23:42:26.192558050 CEST	1.1.1.1	192.168.2.9	0x6353	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49742	104.102.49.254	443	7280	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:42:25 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-20 21:42:26 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sun, 20 Oct 2024 21:42:25 GMT Content-Length: 34508 Connection: close Set-Cookie: sessionid=7ecfb2031a7e839a5a22d427; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
2024-10-20 21:42:26 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-20 21:42:26 UTC	16384	IN	Data Raw: 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 Data Ascii: etY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49752	172.67.206.204	443	7280	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 21:42:26 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-20 21:42:26 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life

Target ID:	0
Start time:	17:42:20
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xab0000
File size:	2'919'936 bytes
MD5 hash:	878B753B8C22D7782CB0E5C6BE782615
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	61.1%
Total number of Nodes:	54
Total number of Limit Nodes:	6

Executed Functions

Function 00AF50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00AF5182

Strings

<I$), xrefs: 00AF52E3
@^, xrefs: 00AF5120
<I$), xrefs: 00AF5198

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 7c7656e3f331018a982c4c19f636aef3cb30bddf7d847cea31a75d52be77e3bf
Instruction ID: bf3d10d76f88242016ab6d7e92a0a642cfc61020da2f4b8d8f35af9cd4bf7990
Opcode Fuzzy Hash: 7c7656e3f331018a982c4c19f636aef3cb30bddf7d847cea31a75d52be77e3bf
Instruction Fuzzy Hash: 0521A1355083848FC300DFA8D88476ABBF4AB66300F69882CE2C5D7351DB35D915CB56

Function 00ABFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

J|BJ, xrefs: 00AC000D
VY^_, xrefs: 00ABFDFF
t, xrefs: 00ABFCBE
V, xrefs: 00ABFEDC

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 8ccb8c26e6e10cb752b773beaba747f246757a63169598663e8238e9368eaa78
Instruction ID: 3c17b32711bb8d670028ca770cfeea6a3a9d954287679c9354059d17d74568a8
Opcode Fuzzy Hash: 8ccb8c26e6e10cb752b773beaba747f246757a63169598663e8238e9368eaa78
Instruction Fuzzy Hash: 92D166B45083809FD310DF288990B6FFBE5AB92B44F19891CF4C98B252C336CD49DB92

Function 00ABD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00ABD2F1

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 33636114c9d3bcf49ada362a80e6e2ce28446c7c390a81f1d6e72c46460078a9
Instruction ID: 105bd9b0f2152cf82dae7e04e1f0f341ea017651e384db1b369306621b3d716a
Opcode Fuzzy Hash: 33636114c9d3bcf49ada362a80e6e2ce28446c7c390a81f1d6e72c46460078a9
Instruction Fuzzy Hash: 4641447040D380ABC301BB68D685A6EFBF9AF92744F148C1CE5C49B253E33AD8149B67

Function 00AF5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00AF5784

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1288523c18d63ed32ca5ea9afceaf4eba39aa7510899660ffd1e34a9e40a9133
Instruction ID: 487cbe4662165b44e7749d1cd375aa61957960c27bcedacf17a3609ec5d7947a
Opcode Fuzzy Hash: 1288523c18d63ed32ca5ea9afceaf4eba39aa7510899660ffd1e34a9e40a9133
Instruction Fuzzy Hash: 6911A07191C640EBC701AF68E944A2BBBF9EF96710F058C28F6C49B211D736D810CB93

Function 00AF5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00AF973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00AF5BDE

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00AF695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00AF69C5

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 745e2f0b7f3f2ea5f337551100f8f13ec87e63d5ca154b2d990379ded88866a4
Instruction ID: 0212f84e1ba3b860c2ce4ceff140e3622d0d9d21b1f237d237cf01b4508d6660
Opcode Fuzzy Hash: 745e2f0b7f3f2ea5f337551100f8f13ec87e63d5ca154b2d990379ded88866a4
Instruction Fuzzy Hash: AD3185B15083059FD718EF68C8A063BB7F1EF94384F48981CF6C6972A1E7359904CB56

Function 00AC049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 943047d2846b42bd13834f3a8b2641ac3051f9936bc241b12d4a67fc4bda0c53
Instruction ID: ed57eea961501f6637e2408e7d42575a0606796c48d3d55a4f02e0f39d264b4e
Opcode Fuzzy Hash: 943047d2846b42bd13834f3a8b2641ac3051f9936bc241b12d4a67fc4bda0c53
Instruction Fuzzy Hash: 77917975200B00DFD724CF65E894B27B7F6FF89314B118A6DE9568BAA1DB30E816CB50

Function 00AC0228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de48a8bd397f5bffa638d9b7eef7bf61badcac3e2bf4316799027029be120180
Instruction ID: b0636ae198bcfa89cf659dae393b2f57b6e5981b2b709bc95ef130d83bbbca93
Opcode Fuzzy Hash: de48a8bd397f5bffa638d9b7eef7bf61badcac3e2bf4316799027029be120180
Instruction Fuzzy Hash: 1B716874200700DFD724CFA1E894F26B7F6FF49315F11896DE9968BA62DB31A816CB50

Function 00AF99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bec87ae9a4f339f0179082a6a8f277447f98838fc58c17ea0251fae4e89744
Instruction ID: cd1de383b6d609c87d6b37138a4d2cc786a2c10ca7583c8a3d4117d8356d22a8
Opcode Fuzzy Hash: 13bec87ae9a4f339f0179082a6a8f277447f98838fc58c17ea0251fae4e89744
Instruction Fuzzy Hash: DA419D34608308ABD724AF95D990B3BB7A6EB85754F14882CF68A97251D331EC11DB62

Function 00AF63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4e4a45e1ef082620ee79571f91d23fa79bf4cb9124d727c521f256af2b701a90
Instruction ID: c4dceca436971177877e2eaaea5325b3bcc6ee0000517beed1d913ed643751f6
Opcode Fuzzy Hash: 4e4a45e1ef082620ee79571f91d23fa79bf4cb9124d727c521f256af2b701a90
Instruction Fuzzy Hash: C531D270649305BADA24EB44CE82F3BB7A5EB90B51F64850CF3815B2E1D770AC119B52

Function 00AF3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00AF32A6

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 0213a8b2743d8b74fa445f7b9508f1aab4c63cdea94b3073fde53feb1e807b6b
Instruction ID: 9c769422ddc486027e35132dbd8ad433cce6eaa1d8092a6fd43812ea38172b31
Opcode Fuzzy Hash: 0213a8b2743d8b74fa445f7b9508f1aab4c63cdea94b3073fde53feb1e807b6b
Instruction Fuzzy Hash: 61016D3450D2409BC701EF58E889A2ABBE8EF6AB00F05481CF6C58B361D735DD60CB96

Function 00AF3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00AF3208

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 83b90e01e54b5353b5ee5fa0012382b09607334d8d2691b0fe89812e907d0f90
Instruction ID: fa0b4ed87cd2caa80fe1318872e61e24430067d44ce2825d4e7e7adb4217dc1e
Opcode Fuzzy Hash: 83b90e01e54b5353b5ee5fa0012382b09607334d8d2691b0fe89812e907d0f90
Instruction Fuzzy Hash: 1FB012301400005FDA041B00EC0AF003510FB10605F800050B100050F1D5615C64C555

Non-executed Functions

Function 00ACDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

LKJI, xrefs: 00ACE6E6
DCBA, xrefs: 00ACE887, 00ACE896
`Y^_, xrefs: 00ACE99E
lkji, xrefs: 00ACE73E
:WUE, xrefs: 00ACF6B7, 00ACF6C6
mjkh, xrefs: 00ACE7D8
AR, xrefs: 00ACDD10
89>?, xrefs: 00ACE9F6
()./, xrefs: 00ACE9CA
|, xrefs: 00ACECB1
tuJK, xrefs: 00ACE967
@ONM, xrefs: 00ACE6DB
WP, xrefs: 00ACDCEF
%*+(, xrefs: 00ACDE37, 00ACDE46
<=2, xrefs: 00ACEA01
tsrq, xrefs: 00ACE6FC
xgfe, xrefs: 00ACE71D
<=:;, xrefs: 00ACE930
`onm, xrefs: 00ACE733
dcba, xrefs: 00ACE728
T, xrefs: 00ACF157
89&', xrefs: 00ACE93B
QNOL, xrefs: 00ACE775
D, xrefs: 00ACE846

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 5e450f924016e43bf4b52f201294f5fedc5312d3898291691f8352b4928c11a8
Instruction ID: a190b4ab6dfb8223301250a5dd89c87a08d5fcf41adc9ae2db3e668cf8a55693
Opcode Fuzzy Hash: 5e450f924016e43bf4b52f201294f5fedc5312d3898291691f8352b4928c11a8
Instruction Fuzzy Hash: A4F276B15093819FD770CF14C884BABBBE6BFD5304F15482DE5C98B292EB319984CB92

Function 00AE23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

|}&C, xrefs: 00AE2F21
fedc, xrefs: 00AE2782
3<, xrefs: 00AE32D6
mlc@, xrefs: 00AE275C
`tii, xrefs: 00AE2693
aenQ, xrefs: 00AE276A
{l`~, xrefs: 00AE268C
:, xrefs: 00AE32DD
%*+(, xrefs: 00AE40EF
f@~!, xrefs: 00AE25FF
ggxz, xrefs: 00AE2685
Cx, xrefs: 00AE453D

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 67a13919a29a3b3046df3e323b13e559818e61246d5f577d3c38768689a24596
Instruction ID: ad50eb08b292956f3cbc90e9eb4b600fe0f47ca110bea3d0ef31afb4d7fa2921
Opcode Fuzzy Hash: 67a13919a29a3b3046df3e323b13e559818e61246d5f577d3c38768689a24596
Instruction Fuzzy Hash: EB33CE70504B818FDB258F3AC594762BBF1BF16304F58899DE4DA8BB92C735E806CB61

Function 00AD9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

kW, xrefs: 00ADA380
/), xrefs: 00ADA66D
%e6g, xrefs: 00ADA152
WH, xrefs: 00ADAA1C
=], xrefs: 00ADA36A
]{, xrefs: 00ADA1E7, 00ADA1F3
sm, xrefs: 00ADA830
hi, xrefs: 00ADAB9D
N[, xrefs: 00ADA375
(a*c, xrefs: 00ADA147
_Y, xrefs: 00ADA641
CG, xrefs: 00ADAA32
?m,o, xrefs: 00ADA13C
Gt, xrefs: 00AD9FF8
WQ, xrefs: 00ADA62B
JG, xrefs: 00ADAA27
S], xrefs: 00ADA636

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: f941cc96d86a3756533d2fcaa5e32ba620f4f855b91d26ffe3e6ea07ca300af6
Instruction ID: 95c0ab416c16d6906fee2291122f07be9c6dece0a52391a34ce5448eb5c78b95
Opcode Fuzzy Hash: f941cc96d86a3756533d2fcaa5e32ba620f4f855b91d26ffe3e6ea07ca300af6
Instruction Fuzzy Hash: 8552B6B404D3858AE274CF25D681B8EBAF1BB92740F608E1EE1ED9B255DB708045CF93

Function 00AD9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

?M0K, xrefs: 00AD9968
,A&C, xrefs: 00AD982E
L3Y=, xrefs: 00AD9B03
G+X5, xrefs: 00AD9AF3
G'M!, xrefs: 00AD9ADB
;IJK, xrefs: 00AD983E
2A"_, xrefs: 00AD9980
z=Q?, xrefs: 00AD9826
X/R), xrefs: 00AD9AEB
!E4G, xrefs: 00AD9836
B7U1, xrefs: 00AD9AFB
T#a-, xrefs: 00AD9AE3
O+f), xrefs: 00AD9634, 00AD963D
B?Q9, xrefs: 00AD9B0B
pq, xrefs: 00AD99E0
8;, xrefs: 00AD9B13

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: cba78cf415052aab2d0b25dd52bd5a6fa557c7fb4575bd971964a83760c42e7c
Instruction ID: 888a9820078803394e37f85b5a3012bbfcb9ee8d64d0a1bf25e3f79b9f99f477
Opcode Fuzzy Hash: cba78cf415052aab2d0b25dd52bd5a6fa557c7fb4575bd971964a83760c42e7c
Instruction Fuzzy Hash: D2F13EB0518380ABD310DF15D980A2BBBF4BB96B88F044D1DF4DA9B352D374D908DBA6

Function 00ADDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

-M2O, xrefs: 00ADE25A
n\+H, xrefs: 00ADDDC0
{E, xrefs: 00ADE323
Y9N;, xrefs: 00ADE245
)IgK, xrefs: 00ADE261
hX]N, xrefs: 00ADDDC7
<Y.[, xrefs: 00ADE27D
%*+(, xrefs: 00ADE143
=]+_, xrefs: 00ADE276
,Q?S, xrefs: 00ADE26F
upH}, xrefs: 00ADDE8A, 00ADE798, 00ADDF4A

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: b527226310afbd2cee018b5096188528c3fdd9cdfa6c12646ea25e1c292b0b59
Instruction ID: f1ef15662b4177a915f2879be51512dd5158fab128213110aad6c25e3c438cc8
Opcode Fuzzy Hash: b527226310afbd2cee018b5096188528c3fdd9cdfa6c12646ea25e1c292b0b59
Instruction Fuzzy Hash: AF920471E00205CFDB18CF68D8917AEBBB2FF59310F298669E456AB391D735AD01CB90

Function 00C77EA7 Relevance: 14.1, Strings: 10, Instructions: 1574COMMON

Download Yara Rule

Strings

_lO, xrefs: 00C789C6
T|og, xrefs: 00C78B13
S]k, xrefs: 00C784FF
*H!!, xrefs: 00C7900E
>]/, xrefs: 00C78A4C
_lO, xrefs: 00C789BB
F#y,, xrefs: 00C789E2
5)??, xrefs: 00C78A28
VDg, xrefs: 00C78B02
7ro_, xrefs: 00C77FAD

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: S]k$*H!!$5)??$7ro_$>]/$F#y,$T|og$VDg$_lO$_lO
API String ID: 0-325658240
Opcode ID: 661702b22bb0f08da933dec5665518d94ca593fe9b8f4a6177df5a77412c078a
Instruction ID: 8556100f6ce5cf93041ca7633a5f6b9fddee653d5bb8e3ba77d6053c30bdcd9b
Opcode Fuzzy Hash: 661702b22bb0f08da933dec5665518d94ca593fe9b8f4a6177df5a77412c078a
Instruction Fuzzy Hash: EBB2E5F3A08600AFE3046E2DDC8567AFBE9EFD4220F1A493DE6C4C7744E63598458697

Function 00AD098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

cah`, xrefs: 00AD107E
&> &, xrefs: 00AD0F89
{, xrefs: 00AD1502
%*+(, xrefs: 00AD0A77, 00AD0A86
gce/, xrefs: 00AD1073
9.5^, xrefs: 00AD0F9F
,#15, xrefs: 00AD0F94
qrqp, xrefs: 00AD1089

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 30b5443c8497ae1cd646f2bb07dedb5ae3151b6752f41516bff4f90e837c21ee
Instruction ID: 9920b1d377a82e73156b09d7f124a1224c9d6dd870367ffb1080b9f99b3256b8
Opcode Fuzzy Hash: 30b5443c8497ae1cd646f2bb07dedb5ae3151b6752f41516bff4f90e837c21ee
Instruction Fuzzy Hash: 5D6288B56083818BD730DF14D891BABBBE1FFA6314F04492EE49A8B742E7759940CB53

Function 00AB1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 00AB157D, 00AB15EB
0123456789abcdefxp, xrefs: 00AB1587, 00AB15F8
-, xrefs: 00AB21ED
gfff, xrefs: 00AB2226
@, xrefs: 00AB2C40
gfff, xrefs: 00AB22E1
gfff, xrefs: 00AB2297

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 715758396313028be5db10a8689b89587c33111111e626321ce3c76becf4061c
Instruction ID: efd36370ebf50ed58a6566d2abc710c6e69286a8cec2af2d12a1054e6ab156a1
Opcode Fuzzy Hash: 715758396313028be5db10a8689b89587c33111111e626321ce3c76becf4061c
Instruction Fuzzy Hash: 16D2F5726083418FD718CF29C4943AABBE6AFD5314F188A2DE499CB392D774DD45CB82

Function 00C802F3 Relevance: 9.2, Strings: 6, Instructions: 1678COMMON

Download Yara Rule

Strings

@lo, xrefs: 00C80F5F
up$P, xrefs: 00C815D3
',_x, xrefs: 00C80396
%2_}, xrefs: 00C8094A
DCwr, xrefs: 00C80A95
i'R=, xrefs: 00C80D9C

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %2_}$',_x$@lo$DCwr$i'R=$up$P
API String ID: 0-3451467235
Opcode ID: 99ac4d098e2df0f46e4498c1e5d1a283c805c21e76a4bd5bd880d04689036722
Instruction ID: c76c2006fff3d648ddc4bbdbb95bea59082be5f682f51cd6c3e39b7f3bdf9405
Opcode Fuzzy Hash: 99ac4d098e2df0f46e4498c1e5d1a283c805c21e76a4bd5bd880d04689036722
Instruction Fuzzy Hash: 5EB237F360C2049FE3046E2DEC8567AFBE9EF94720F1A493DEAC4C3740EA7558018696

Function 00C712A7 Relevance: 9.1, Strings: 6, Instructions: 1607COMMON

Download Yara Rule

Strings

^6?, xrefs: 00C725F8
Ud?z, xrefs: 00C715F2
><, xrefs: 00C725B8
*F, xrefs: 00C71444
c@_o, xrefs: 00C7207A
S,_o, xrefs: 00C720D6

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: *F$S,_o$Ud?z$^6?$c@_o$><
API String ID: 0-4155693342
Opcode ID: 0b2797b83b6faadc5169cb7336be2c3572d565fd916279787e7aa2097acd6930
Instruction ID: 1b6eb18bb8d493bed2e9ad4baf04c1db7674a6d4eaf7aa51f857ddf259af67bd
Opcode Fuzzy Hash: 0b2797b83b6faadc5169cb7336be2c3572d565fd916279787e7aa2097acd6930
Instruction Fuzzy Hash: D2B205F350C204AFE304AF2DEC8567ABBE9EF94720F1A892DE6C487340E63558418797

Function 00C72D2E Relevance: 9.1, Strings: 6, Instructions: 1588COMMON

Download Yara Rule

Strings

Xd, xrefs: 00C73E67
ogF, xrefs: 00C73A4C
:O, xrefs: 00C72D44
{>/, xrefs: 00C7346E
,J6, xrefs: 00C73578
"&/, xrefs: 00C73993

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: "&/$,J6$Xd$ogF${>/$:O
API String ID: 0-4215328953
Opcode ID: 3d19013305cc94d26d347e21891558ba564921ca1ac6182bd19430eb10c972aa
Instruction ID: 2707d16b8a2ac7afccb5196a6fdd992633ed55f5c0da71fcf55c36f8e3695d7f
Opcode Fuzzy Hash: 3d19013305cc94d26d347e21891558ba564921ca1ac6182bd19430eb10c972aa
Instruction Fuzzy Hash: 18B207F3A0C2109FE304AE2DDC8577ABBE9EF94620F1A493DEAC4D3744E63558058697

Function 00C7B327 Relevance: 7.9, Strings: 5, Instructions: 1663COMMON

Download Yara Rule

Strings

Z^z_, xrefs: 00C7B4BF
byyo, xrefs: 00C7BF78
@&qw, xrefs: 00C7BF4D
}~, xrefs: 00C7BD14
"^ok, xrefs: 00C7B500

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: "^ok$@&qw$Z^z_$byyo$}~
API String ID: 0-4248906284
Opcode ID: fae4d5c93d9dc0c88bea209c2c0672e5b691b500e118e4bfcd6477f8e7a20944
Instruction ID: 60b130170caece98b778d8833d3451b6e17f260b92a85f540167364f9402da71
Opcode Fuzzy Hash: fae4d5c93d9dc0c88bea209c2c0672e5b691b500e118e4bfcd6477f8e7a20944
Instruction Fuzzy Hash: D4B229F390C2149FE304AE6DEC8567ABBE9EF94320F1A493DEAC4C7740E67558058693

Function 00C6F7CA Relevance: 7.9, Strings: 5, Instructions: 1662COMMON

Download Yara Rule

Strings

vU9, xrefs: 00C6FD96
'avc, xrefs: 00C7082E
}w^, xrefs: 00C6FF6C
/=u, xrefs: 00C6FB11
UE?], xrefs: 00C6FDF4

Memory Dump Source

Source File: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 'avc$/=u$UE?]$vU9$}w^
API String ID: 0-1928354178
Opcode ID: d1b7a52a01fe436c98da767bfd90c2028d4f161a0965639a27193e8b3673c4b8
Instruction ID: 0aebae43b55a5320470d354a84396909911faba4afe60f9d77d909b4494736a7
Opcode Fuzzy Hash: d1b7a52a01fe436c98da767bfd90c2028d4f161a0965639a27193e8b3673c4b8
Instruction Fuzzy Hash: F1B239F3A082049FE3046E2DEC8567AFBE9EFD4720F1A463DEAC4C7744E93558058696

Function 00C7CE5B Relevance: 7.9, Strings: 5, Instructions: 1615COMMON

Download Yara Rule

Strings

d-7;, xrefs: 00C7D790
f@_O, xrefs: 00C7CFFE
N7, xrefs: 00C7E103
]8sG, xrefs: 00C7E035
o|?%, xrefs: 00C7D454

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: ]8sG$d-7;$f@_O$o|?%$N7
API String ID: 0-4215272706
Opcode ID: 9b85a8e7bc78dbf77b427b2005250b321e9565325d165371870c50ee63a5df0f
Instruction ID: ffbd7dd07574dd417b641b908cb17456f97d22e6f3ff594a834ddd8693ec4346
Opcode Fuzzy Hash: 9b85a8e7bc78dbf77b427b2005250b321e9565325d165371870c50ee63a5df0f
Instruction Fuzzy Hash: 26B205F360C2049FE304AE2DEC8567ABBE9EF94720F1A493DE6C5C3744E63598418697

Function 00C74826 Relevance: 7.8, Strings: 5, Instructions: 1563COMMON

Download Yara Rule

Strings

Wk=, xrefs: 00C757FF
4)w, xrefs: 00C751CD
K}N?, xrefs: 00C753B5
Q;oz, xrefs: 00C74872
7W}_, xrefs: 00C7499D

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 4)w$7W}_$K}N?$Q;oz$Wk=
API String ID: 0-244497705
Opcode ID: 4476e83d8e53f59e04e274635142cc12e3dcbc22adf107a6ff1c8c5ce40a37e4
Instruction ID: 4e5b7bc281c10c49696e2d02a4cd98ae088ba081fc0e2c01b4a5a46c44d5f306
Opcode Fuzzy Hash: 4476e83d8e53f59e04e274635142cc12e3dcbc22adf107a6ff1c8c5ce40a37e4
Instruction Fuzzy Hash: 38B208F3A082049FE304AE2DEC4567AFBE9EF94720F1A453DEAC4C7744E63598058697

Function 00AB12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

@, xrefs: 00AB3531
i, xrefs: 00AB28EA
0, xrefs: 00AB243E
0, xrefs: 00AB1E88
0, xrefs: 00AB1DC1

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 495b7cc99ca772fe1133ceac3bff9644dc01a179b0b74f5f8a0024d08b52aafa
Instruction ID: f09dce3d410e0116e11553550771bb90b25fedc4f9193fc110a4e4b850ea1f87
Opcode Fuzzy Hash: 495b7cc99ca772fe1133ceac3bff9644dc01a179b0b74f5f8a0024d08b52aafa
Instruction Fuzzy Hash: 9462D27160C3818FD719CF28C4907AABBE5AFD5344F188E2EE8D987292D774D949CB42

Function 00AB164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00AB1F57
0123456789ABCDEFXP, xrefs: 00AB164F
0123456789abcdefxp, xrefs: 00AB1659
gfff, xrefs: 00AB1F3C
+, xrefs: 00AB1573

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 6110bca31811bca3995713c5c7afa296753e3e23e669c4b02874ad60e9927164
Instruction ID: 54ba21873197f7732167bb4688de9a1252ae679232d139d2b6c36f550053e412
Opcode Fuzzy Hash: 6110bca31811bca3995713c5c7afa296753e3e23e669c4b02874ad60e9927164
Instruction Fuzzy Hash: 7FF1903160C3818FC719CF29C4943AAFBE6ABD9304F188A6EE4D987356D734D945CB92

Function 00AB13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

-, xrefs: 00AB1F23
gfff, xrefs: 00AB1F57
0123456789ABCDEFXP, xrefs: 00AB13A3
0123456789abcdefxp, xrefs: 00AB13AD
gfff, xrefs: 00AB1F3C

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: c9ba8d851d6ac95f33b53d5245593974ffbe1bf5bddb8a2f8b069ff78cf01b40
Instruction ID: fefe4296ab770902f18c11272893774a2bca28de527d9f7e36a2e2cf8c0e1c0a
Opcode Fuzzy Hash: c9ba8d851d6ac95f33b53d5245593974ffbe1bf5bddb8a2f8b069ff78cf01b40
Instruction Fuzzy Hash: E9D19E716087818FC719CF29C4942AAFFE2AFD9304F08CA6EE4D987356D634D949CB52

Function 00ADFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

NA_I, xrefs: 00AE036D
m1s3, xrefs: 00ADFEC3, 00ADFECB
:, xrefs: 00AE0087
uvw, xrefs: 00ADFE95

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 66a2ffe2e5ff1dec06527b733f8f821f94ab3c5b1025f517aa0280a19195908f
Instruction ID: 2d16f6cc86bfc55c3ba710a7a4d74be79c13c87c711992d7ab66c14b659ec3b2
Opcode Fuzzy Hash: 66a2ffe2e5ff1dec06527b733f8f821f94ab3c5b1025f517aa0280a19195908f
Instruction Fuzzy Hash: F432B8B0508381DFD314DF2AD880A2BBBE5AB9A340F148E2CF5D58B2A2D775D945CF52

Function 00AC3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

ss, xrefs: 00AC3C79
%*+(, xrefs: 00AC3EC4
p, xrefs: 00AC3C80
;z, xrefs: 00AC3C87

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 9d3d6f25c32477619799b5aeafefd17f835135a70e84dfb25785ac72fac17ae5
Instruction ID: 0f0c5ea6ffba23c9b13c6efdca5eb04c9cc064c55b3dbfada174cb643eb618af
Opcode Fuzzy Hash: 9d3d6f25c32477619799b5aeafefd17f835135a70e84dfb25785ac72fac17ae5
Instruction Fuzzy Hash: 66025CB4810B00DFD760DF25D986B56BFF4FB05300F50895DE89A8B656E731A815CBA2

Function 00AD2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

lc, xrefs: 00AD2507
sj, xrefs: 00AD2327
hu, xrefs: 00AD232F
a|, xrefs: 00AD2317

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 587a0bc7b6e3e3aa17d3ed5051177011019a322443fbfe0c1c4f0bee66ee690d
Instruction ID: 4a9b3aa139057084d1d717f85e58eca359189a1f2b975ce975ddff17578fac2d
Opcode Fuzzy Hash: 587a0bc7b6e3e3aa17d3ed5051177011019a322443fbfe0c1c4f0bee66ee690d
Instruction Fuzzy Hash: 6CA168B44083418BC720DF18C891B2AB7F0FFA5754F588A0DE8DA9B391E339D945CB96

Function 00ADD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 00ADD98B
KV, xrefs: 00ADD97D
#', xrefs: 00ADD9EA
T>, xrefs: 00ADD984

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 5e0c2d9a7421d46234da014baf5bbb8d1ec6b33e41aaca472c1d4860dc0d7a3c
Instruction ID: 176ba31c25c274fb0b67c7049a018ad4ae41c72483bcfe4540583c0f2ef9b4ce
Opcode Fuzzy Hash: 5e0c2d9a7421d46234da014baf5bbb8d1ec6b33e41aaca472c1d4860dc0d7a3c
Instruction Fuzzy Hash: E38155B48017459BCB20DFA6D28556EBFB1FF12300F60460DE486ABB55C331AA55CFE2

Function 00ADAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

lk, xrefs: 00ADACBC
(g6e, xrefs: 00ADACA1
4c2a, xrefs: 00ADACA9
,{*y, xrefs: 00ADAD07, 00ADAD13

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 6de02a52f926160a428d4c8c613299c8e23ff20640b2d7b97024f748deec13ff
Instruction ID: 061bebdc0d2b91406fc9c31624ce3284a0e8f549151e3d1da8324e59d86b8b46
Opcode Fuzzy Hash: 6de02a52f926160a428d4c8c613299c8e23ff20640b2d7b97024f748deec13ff
Instruction Fuzzy Hash: 984183B4408382CBD7209F24D900BABB7F4FF96305F54995EE6C997260EB32D944CB96

Function 00ADC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 00ADC537
%*+(, xrefs: 00ADC8C3, 00ADC8CB
%*+(, xrefs: 00ADC9E4, 00ADC9ED

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 2de0d193f682e9c8bcf919986cd7bc9c0daa09561dabd0c094550150c0c8505c
Instruction ID: e57b0d06dcc2cf0420fcd12422544e9359e2e7362347f29006cca1c93347c5e3
Opcode Fuzzy Hash: 2de0d193f682e9c8bcf919986cd7bc9c0daa09561dabd0c094550150c0c8505c
Instruction Fuzzy Hash: 55E195B5518345DFE3249F68D881B2BBBF5FB95350F88882DF68987251DB32D810CB92

Function 00AB8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00AB8616
), xrefs: 00AB860C
IEND, xrefs: 00AB89F0

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: ecea2b29b3bed70b7d1cef3f99ab3b96ba628b9f23abc08486e4dcdca0f70eac
Instruction ID: 406e5f68081c346560013ebab2ddb2819c713e688f0068d97432c9052f2444f4
Opcode Fuzzy Hash: ecea2b29b3bed70b7d1cef3f99ab3b96ba628b9f23abc08486e4dcdca0f70eac
Instruction Fuzzy Hash: 20E1E2B1A083419FE310CF28C8817AABBE8BF94354F14492DF59597382DB79E915CBC2

Function 00C7A93B Relevance: 4.0, Strings: 3, Instructions: 232COMMON

Download Yara Rule

Strings

j['g, xrefs: 00C7ABAA
:!}q, xrefs: 00C7AB56
aF|, xrefs: 00C7AA7A

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: :!}q$aF|$j['g
API String ID: 0-623614444
Opcode ID: 18d66f4e529a4952acb75c6a565bad607271f34eb6a9e0ef0e49df75693800ac
Instruction ID: 005ef0350e1ca9d17244d8b62ba10260478064c9bb6ed4ec31dcfb402351aa95
Opcode Fuzzy Hash: 18d66f4e529a4952acb75c6a565bad607271f34eb6a9e0ef0e49df75693800ac
Instruction Fuzzy Hash: 456124F390C214ABD3157E2DEC417BAFBEAEF95660F1B062DD6C497740E63298008687

Function 00AF4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00AF420C
%*+(, xrefs: 00AF40A4, 00AF40AD

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 706467c4a074231f2c26e7c9ac9a297101fd54ccf8c3494c38792a1823bc94dc
Instruction ID: f5ae98dca8e781e6db7aa81c4d4533025a52a0db2836517313a1937d809a97b4
Opcode Fuzzy Hash: 706467c4a074231f2c26e7c9ac9a297101fd54ccf8c3494c38792a1823bc94dc
Instruction Fuzzy Hash: 06129A716083459FC714CF98C880B2FBBE6FB89314F188A2CF6959B291D735E945CB92

Function 00AEF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 00AEF6E6
dg, xrefs: 00AEF7F5

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 9782529dc8edc3e7f25ff11faeab4a34d33ad21e627f65e9b0346a4cb2034a15
Instruction ID: 25efbd284bcbc14e1d07dcb297ae5e68bf30890130f93a72d1f40c6359e620d6
Opcode Fuzzy Hash: 9782529dc8edc3e7f25ff11faeab4a34d33ad21e627f65e9b0346a4cb2034a15
Instruction Fuzzy Hash: 18F19571618342EFE704CF25D895B2ABBF6FB96384F14892CF1958B2A1CB34D944CB52

Function 00C762F1 Relevance: 2.9, Strings: 1, Instructions: 1662COMMON

Download Yara Rule

Strings

!\', xrefs: 00C76EF5

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: !\'
API String ID: 0-3961893762
Opcode ID: 1e6a8039350359d5cfa5b40a99d71899bb34f8d7c0d92fa3839d214c2e4b1a4c
Instruction ID: dbb14f91b98b3892bc72ae7f03834b2ac2e0e8da6b6f254f4e270b2a505e047f
Opcode Fuzzy Hash: 1e6a8039350359d5cfa5b40a99d71899bb34f8d7c0d92fa3839d214c2e4b1a4c
Instruction Fuzzy Hash: AFB218F3A0C2149FE3146E29EC8577BBBE9EF94320F1A853DEAC4C7744E63558018696

Function 00AB35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00AB360E
Inf, xrefs: 00AB3607

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 389fe2d4ec70a00fa37fa5a3e7adbdc339dcff65c5ecb60fb83db992db0a7274
Instruction ID: 270669b65cbbf5e8f4c8a45e947c2a35566f82e9967f0d3e90b85032359772a5
Opcode Fuzzy Hash: 389fe2d4ec70a00fa37fa5a3e7adbdc339dcff65c5ecb60fb83db992db0a7274
Instruction Fuzzy Hash: 5CD1F672A083119BCB04CF69C88065FBBE5EFC8750F248A2DF99997391E771DD058B82

Function 00ACFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 00AD00F6
BaBc, xrefs: 00AD0197

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 8771aae4fd73b08e5a4f978c2777728f589040e5901f1f8b35836c4e844c4179
Instruction ID: 84ca0df6ac24c96dc09c645e52777542727728149fd32579eca38f837b8df6a2
Opcode Fuzzy Hash: 8771aae4fd73b08e5a4f978c2777728f589040e5901f1f8b35836c4e844c4179
Instruction Fuzzy Hash: F651A9B16083819BD731CF18C881BABB7E4FF96360F09891EE49A8B751E3749940CB57

Function 00C7EED4 Relevance: 2.4, Strings: 1, Instructions: 1106COMMON

Download Yara Rule

Strings

@Xu}, xrefs: 00C7EF3F

Memory Dump Source

Source File: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: @Xu}
API String ID: 0-2751690779
Opcode ID: 4f7962870511fe57a201f93b666d85e1516ea521b63aae699eb37026a5b0440f
Instruction ID: 57cdb9c413ee698a52ddca20f324663c8d3af5b512ac180ba7630aacc8e44122
Opcode Fuzzy Hash: 4f7962870511fe57a201f93b666d85e1516ea521b63aae699eb37026a5b0440f
Instruction Fuzzy Hash: C87214F3A0C2049FE704AE2DEC8577ABBE9EB94320F16493DEAC5C3740E63558458697

Function 00AB5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00AB54C8

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: b77219796857ca1e3f09e6b05ffd5e9bc4114ba37d31f8a636d9aaaaaebd9da8
Instruction ID: 3195e82e35a01925e854571427504c57f5849e4f1aca4adbc1aa9fc4ef3b4d80
Opcode Fuzzy Hash: b77219796857ca1e3f09e6b05ffd5e9bc4114ba37d31f8a636d9aaaaaebd9da8
Instruction Fuzzy Hash: AC22C2B2E08B428BE7258F38D5503A6BBEAAFA1304F1D896DD8594B343EB71DC45C741

Function 00AE12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00AE15D1

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: fe38b9619c63bf62487cd7c53f6ce8b044aa56e8d5c1159d8b6e5b843951091b
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 54F12A71A083A14FC724CF26C450A6BBBE6AFC5354F1CC96DE89A8B382D634DD45C791

Function 00ADAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00ADB2D3, 00ADB2DB

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f4b15e54a3cf19d3bd3f1c8d543ed1e2833b0e068ee6a3b031880dd373e6f793
Instruction ID: 598dd20f159c0f3e8cb763432638fab40ea5823dd5c49ed617df1dc5e38d9bc2
Opcode Fuzzy Hash: f4b15e54a3cf19d3bd3f1c8d543ed1e2833b0e068ee6a3b031880dd373e6f793
Instruction Fuzzy Hash: A3E1A871518306CBC724DF29C89056EB7F2FFA8781F55891DE4C687320E730A959DBA2

Function 00AC6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC6EF3

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5e12059f7b14fd8658a830a08752d3feff6c953e9fc8a93e0f6f968119793c8a
Instruction ID: 501a76091c9a38fe49875ca4c292b7124c7a3e3f27d2a051e561c5f9a6fdaaa8
Opcode Fuzzy Hash: 5e12059f7b14fd8658a830a08752d3feff6c953e9fc8a93e0f6f968119793c8a
Instruction Fuzzy Hash: 94F1A0B5600B01CFC725DF68D981A26B3F6FF48314B158A2DE59787692EB30F816CB41

Function 00AD7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AD8263, 00AD826B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 339677c352bf0aa1f336dc410cf482253ad00938d1a851bdf0ebd398bfe3edfe
Instruction ID: 425c7dd1c2a78f0390aade43273bc38e82e76d6579e9fb52b2c530e111949d25
Opcode Fuzzy Hash: 339677c352bf0aa1f336dc410cf482253ad00938d1a851bdf0ebd398bfe3edfe
Instruction Fuzzy Hash: 4AC1BE71508200ABD720EB14C882A6FB7F5EF95754F48891DF8C69B352E738ED05CBA2

Function 00AD8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AD9233, 00AD923B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4744e40363618d33e034801ffe33f149a90d576e5d994834ee602e54536453a9
Instruction ID: f179574cf9d6e9e8c259dc88604a3e50944b5bbe24349fec64cdede642ab0865
Opcode Fuzzy Hash: 4744e40363618d33e034801ffe33f149a90d576e5d994834ee602e54536453a9
Instruction Fuzzy Hash: C2D1AD70628302DFD704EF68D890A6AB7E5FF99304F49497DE88687361DB34E950CB61

Function 00AF7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00AF8167

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: b5d23809b575144f5816b55ab224e768f0cd77534ca91893e01d3e47c5959003
Instruction ID: 61f85d2b87aca99800e26d010511c8da2ad93a832a8529687b6e56c137fa0071
Opcode Fuzzy Hash: b5d23809b575144f5816b55ab224e768f0cd77534ca91893e01d3e47c5959003
Instruction Fuzzy Hash: 01D1F4329082694FC726CE58D89072FB6E1EB85758F15862CFAB5AB390CB75DC06C7C1

Function 00ADCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00ADCDC3, 00ADCDCB

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 33d47635a4b4050be162fe792248a8890462557e03de2932d13ab85a4d3d9f95
Instruction ID: 4879d5930b87a9befd8cbc710e1e975f0e3db270bb504a267c6450a3a254e533
Opcode Fuzzy Hash: 33d47635a4b4050be162fe792248a8890462557e03de2932d13ab85a4d3d9f95
Instruction Fuzzy Hash: 0BB111B06083069BD714DF18D880B2BBBF2EF95360F54482EE5C68B352E735E855CB92

Function 00ABA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00ABA9C3

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 579585bffb69226046000e5c2f807632f8b9196620627d3c8903296b45a8b227
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 0AB138702083819FD324CF28C88065BBBE5AFA9704F448A2DF5D997742D671EA18CB67

Function 00AEFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AEFCA4, 00AEFCAD

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 606779c01804946b66f0c2f6974f322e1de4c8b89ba1f2a0a3b93af54ed63a13
Instruction ID: db1aed5ad79dc0fae30fd1c842a55a0d1a6a48965ab68e5dffaa456cf339c7a3
Opcode Fuzzy Hash: 606779c01804946b66f0c2f6974f322e1de4c8b89ba1f2a0a3b93af54ed63a13
Instruction Fuzzy Hash: F681DB71508345AFD710DF6ADD84B2BBBE5FB99745F14882CF28587291EB30E814CBA2

Function 00C6F9CC Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

/=u, xrefs: 00C6FB11

Memory Dump Source

Source File: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: /=u
API String ID: 0-911986690
Opcode ID: 6f3210cdf31ddc428446d0eb34a217964f45cfa363f21e1738b7fd80a9688cd3
Instruction ID: 384fdc87a47e98da7ad4f4fe0c3b6dd7aea6d6c1fc4e6570ed48ac7d446485e2
Opcode Fuzzy Hash: 6f3210cdf31ddc428446d0eb34a217964f45cfa363f21e1738b7fd80a9688cd3
Instruction Fuzzy Hash: FC716EF3B083145BD3106A1EEC84A6AF7DAEFD4630F1A463DEA8897344E9721C05C6D6

Function 00ACD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00ACD663, 00ACD66B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: db3b99a3d6b976b979ddf1672493fcaba40f7da817b15b13d2c527e1bc8d0fe5
Instruction ID: bcac58561df619f3354b0c0ec28d219aee0e7d66b4ab646deb851545b42c991b
Opcode Fuzzy Hash: db3b99a3d6b976b979ddf1672493fcaba40f7da817b15b13d2c527e1bc8d0fe5
Instruction Fuzzy Hash: 1B61CE71918208DBD710AF58DC82F3AB3B5FFA4354F09092DF9869B252E775E910CB92

Function 00C13C2D Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

VQ{, xrefs: 00C13E68

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: VQ{
API String ID: 0-3099868208
Opcode ID: dc2b3b1b2bfc22bd3211d381af00b52009712a980d805a1f5be2c5615d167f61
Instruction ID: 67d6bfd1e8cf3bbf23908529ff042135c19b3d4d17894acb62ea957e13017270
Opcode Fuzzy Hash: dc2b3b1b2bfc22bd3211d381af00b52009712a980d805a1f5be2c5615d167f61
Instruction Fuzzy Hash: 8F61FCF36082005FE3549E29DC95B7AB7E9EFD4720F2A853DE6C8C3380DA395C458696

Function 00AF4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AF4C33, 00AF4C3B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f036be72f5baac086c477bcfcbf037f09a52b4b2d9738d021ca5402b9d27e718
Instruction ID: 65ccb04255a4c7d85ed5b4347459bfd7a9588e4adfb67bcef1930c9aec471794
Opcode Fuzzy Hash: f036be72f5baac086c477bcfcbf037f09a52b4b2d9738d021ca5402b9d27e718
Instruction Fuzzy Hash: B761CF716083499BD721DFA9C880B3BBBE6EB98314F18891CF6C587292D771EC51CB52

Function 00C4DC64 Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

O, xrefs: 00C4DCA9

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-4269288956
Opcode ID: 3efe52b49447bfee237028fa270d060e2cb79ef47762d852bcbaa9db79d7e215
Instruction ID: 1be3a566dfcb5a189401f2fb53cb3d477bc029d1a4ef926fee9629a221c8aab1
Opcode Fuzzy Hash: 3efe52b49447bfee237028fa270d060e2cb79ef47762d852bcbaa9db79d7e215
Instruction Fuzzy Hash: BE6116F3E082009FE3456E38DD857AABBD6EBD4320F27863DE7D4836C4DA3558058686

Function 00ABE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00ABE333

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 773443de2e92d40225e0dd0d53366735c915d3cdff92346b5697e46ff17cc38a
Instruction ID: 8db05badd5faaab5a4dea2a9c652bb7d73e568017af1b5234e2109d62835a5a5
Opcode Fuzzy Hash: 773443de2e92d40225e0dd0d53366735c915d3cdff92346b5697e46ff17cc38a
Instruction Fuzzy Hash: 89513433A196D04BD328DA7D5C552EA6EDB0FA2334B3DC369E9F1CB3E2D51588019390

Function 00AF3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AF39E3, 00AF39EB

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: d9ce40bb2f470dd33c9bb9acae6786886be98c5e0fb2b796c4213ef8b4a932a8
Instruction ID: 9e8329991e672888ad9ba1bb4fc9aeb8ddd462b4d410d486928d9a00aff284d8
Opcode Fuzzy Hash: d9ce40bb2f470dd33c9bb9acae6786886be98c5e0fb2b796c4213ef8b4a932a8
Instruction Fuzzy Hash: CB51B2325092049BCF24EF96D990A3EBBE5EF85784F14881CF6C587251D772DD10DB62

Function 00C0F6EE Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

M%M+, xrefs: 00C0F870

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: M%M+
API String ID: 0-2681672703
Opcode ID: 4fe27a9c8c77c762f3e8754e39e56c4c7630811c7dc874ff4c2a505fc55b329b
Instruction ID: 6372cdc67331623c8ca0e9317275db17f7c15e53633c0466183ff553ba6ba08d
Opcode Fuzzy Hash: 4fe27a9c8c77c762f3e8754e39e56c4c7630811c7dc874ff4c2a505fc55b329b
Instruction Fuzzy Hash: 295128F3E186104BF308AA3CDC957B677D9EB94320F2A463DEB99937C4D97858018286

Function 00AC1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00AC1C3E

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 69471acf483a1780c2f2cc01560609e34d512ab876e79c0b55ce8b6146cc77f4
Instruction ID: 6bc04a9e7943217f94d34421f9cf8403afce1112b3c8d02a835ca33d712376b2
Opcode Fuzzy Hash: 69471acf483a1780c2f2cc01560609e34d512ab876e79c0b55ce8b6146cc77f4
Instruction Fuzzy Hash: E84141B410C3809BC7149F65C894A2FBBF0BF96314F04991CF5D69B291D736C915CB56

Function 00AEFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AF0033, 00AF003B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f1c79a8204496631bcbe8ce5cec079ba12c6ad700c548c24b8049222fab7e470
Instruction ID: 0c2f1cd6805d08ecc9e12c5c060c908bf054e44f604e49c21c132f7905e68ae4
Opcode Fuzzy Hash: f1c79a8204496631bcbe8ce5cec079ba12c6ad700c548c24b8049222fab7e470
Instruction Fuzzy Hash: 2231D2B1908309ABD710EB94DC81F3BB7E9EB85744F544828FA85D7253EA31DC14CBA2

Function 00ADE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00ADE6A2

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 8d48a381224f4e4282f6218fca78a33df647f06925f44aed2a1d90709e9dcf1e
Instruction ID: 15a820c86a359cb26db37a8f62d3ca4b5fec3f11b4a8eb1b30523d5a22efb802
Opcode Fuzzy Hash: 8d48a381224f4e4282f6218fca78a33df647f06925f44aed2a1d90709e9dcf1e
Instruction Fuzzy Hash: 2631E4B5E00244CFCB20DF99E9809AFB7B5FB5A745F14082DE446AB301D731AD05CBA2

Function 00AC6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC703B

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4aa0aa895f51df4cbd0ed41d3988af5635cafd38cc7c49fae4f355ee73df0e6b
Instruction ID: d1a1a1e5cbcef72b5a8cea4e1a6f19effb1b531f589dc5b29aadd29b913782db
Opcode Fuzzy Hash: 4aa0aa895f51df4cbd0ed41d3988af5635cafd38cc7c49fae4f355ee73df0e6b
Instruction Fuzzy Hash: 80412375614B049BD7358B65C995F2BBBF2FB09701F15881CE5869BAA1E732E8008F50

Function 00ADE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00ADE6A2

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 5defeb1636b39efee1817fdb87fb4081e12c8115026cb23ce4cac243ac5732cd
Instruction ID: e6399747cffd0c65be5c4a4469e7c626cad5c701953ec2c3adfcf4c131c5b80e
Opcode Fuzzy Hash: 5defeb1636b39efee1817fdb87fb4081e12c8115026cb23ce4cac243ac5732cd
Instruction Fuzzy Hash: 7121B0B1A00244CFC720EF99D9909AFBBB5FB1A745F14081DE446AB341C735AD01CBA2

Function 00AF9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00AF9D30

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: ac93bb20e7775a582ae6b78eee5a7e79f9ed89a74a827ca6437d06c2f87274e5
Instruction ID: d74199b3829ebd89622c23887503c5dc4544f12fafe53cd1b13f728cd4972cc3
Opcode Fuzzy Hash: ac93bb20e7775a582ae6b78eee5a7e79f9ed89a74a827ca6437d06c2f87274e5
Instruction Fuzzy Hash: 903158709093089BD724EF55D880A2BFBF9EF9A354F24892CF6C897251D335D904CBA6

Function 00AC4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ec582c67bb469d889a8e6394a3b5aa9ce5c6d3e221aa14255ec68ec5f9a483
Instruction ID: 25ef5c3c54182773fea8b731b24a9557a3862ba8d5c43e822814a96a09b08505
Opcode Fuzzy Hash: e0ec582c67bb469d889a8e6394a3b5aa9ce5c6d3e221aa14255ec68ec5f9a483
Instruction Fuzzy Hash: C16258B4900B408FD735CF29D990B27B7F6AF49704F59892CE49A8BA52E774F844CB90

Function 00ABBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 30cee625740c69cdda85844779877bee71fd2ef8e0801200cc0c67e325fb316e
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: E9522931A087118BC7259F1CD4506FAF3E5FFC5329F298A2DD9C697282E734A851CB86

Function 00AF8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b668f7453bb42a1ca134ffb1b86a42f8ac0fafa0c01bd261ac98ffa1398920e
Instruction ID: c45978cd001ce9f09a4274dc8ea94e2ee712b948d21728eb3fd4b4e79e846982
Opcode Fuzzy Hash: 1b668f7453bb42a1ca134ffb1b86a42f8ac0fafa0c01bd261ac98ffa1398920e
Instruction Fuzzy Hash: D622DE75608345CFC704EF68E89062ABBF1FF9A315F09896DE68987361DB35D850CB42

Function 00AF86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5163cf2a5ffa5c428825dc6ba7d6987456cc485104c8b3db48a49a3474b793
Instruction ID: efd97a42cc544c7e001b509d82f6785538ec00dfbbdc20bf85424b5def60f650
Opcode Fuzzy Hash: 3a5163cf2a5ffa5c428825dc6ba7d6987456cc485104c8b3db48a49a3474b793
Instruction Fuzzy Hash: 2A22BC75608344DFC704EF68E89062ABBF1FF9A305F09896DE68987361DB35D850CB82

Function 00ABB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36cdceda8f7b2ce6fa902219e8af4ff5246d7f9ef2dad9e0ed6fb7e461763a89
Instruction ID: 09c796963248e4c7a28f97acdfef7d406258cf142eb3615ba43fc73068d83e82
Opcode Fuzzy Hash: 36cdceda8f7b2ce6fa902219e8af4ff5246d7f9ef2dad9e0ed6fb7e461763a89
Instruction Fuzzy Hash: E652D470918B888FE735CB24C4947E7BBEAAF91314F144D2DC5E606B83C7B9A885C761

Function 00AB71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab5349e743e2cc0d7555c658a0ba9c29aa32df1725e2d60024eb36396d9a4a7
Instruction ID: f3c96a3ea9af75ab023042d4db66cd26a2755b55db02729f6371abe6e47b1e0a
Opcode Fuzzy Hash: 0ab5349e743e2cc0d7555c658a0ba9c29aa32df1725e2d60024eb36396d9a4a7
Instruction Fuzzy Hash: 25527C3150C3458BCB15CF29C0906EEBBE5BFC8314F198A6DE89A5B252D7B4D989CB81

Function 00AB8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e38751f04e0c269ecc54ed33eef6eaf67930044ccab6515533248e8be748fcae
Instruction ID: 700e393444901474f8a17c8dcf2106902be6fd6042f3afeb73c8c0f0413fc373
Opcode Fuzzy Hash: e38751f04e0c269ecc54ed33eef6eaf67930044ccab6515533248e8be748fcae
Instruction Fuzzy Hash: 4A428675608301DFD708CF68D8547AABBE1BF88315F09896CE5858B3A2D336D986CF42

Function 00AB7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60e5433b7bc338c1cac50a7b651fda4150ca5453f41c47ef594bc0199803a74
Instruction ID: 211d369546f9c1c4b3dfcb77b30cb23e7958950b4d862590e40d0f3011ba2692
Opcode Fuzzy Hash: e60e5433b7bc338c1cac50a7b651fda4150ca5453f41c47ef594bc0199803a74
Instruction Fuzzy Hash: FF324370515B108FC328CF29C5905AABBF9BF85700B604A2ED6A787F92D776F845CB10

Function 00AF89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e39a9dcab4cc64d34283005edf2b4a471055c5ee21ef694df330cb4f99d0527
Instruction ID: c8ce9d85909604107b8259662f6511cf4b9e44cce1337ff89c0d9a07d868c025
Opcode Fuzzy Hash: 4e39a9dcab4cc64d34283005edf2b4a471055c5ee21ef694df330cb4f99d0527
Instruction Fuzzy Hash: 2A02AA74608344DFC704EF68E88062ABBF1EF9A305F09896DE6C987361CB35D814CB92

Function 00AF8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d4ffc63e4925b11ad2cc48a63ffdfaa2ca2575f9cbf69cf835d4d94a8fa401
Instruction ID: a063bc97ddc34f1eb37bb72a9396c23723190c9766d5a35d1ad38543131a16ac
Opcode Fuzzy Hash: d1d4ffc63e4925b11ad2cc48a63ffdfaa2ca2575f9cbf69cf835d4d94a8fa401
Instruction Fuzzy Hash: D5F18974608344DFC704EF68D88062AFBE5EB9A305F09896DE6C987261DB36D914CB92

Function 00AF8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ae1d5ba376c7d2bb61e3768e54d328bcf0e3b5b75be394a65c26dd4d0dee76
Instruction ID: bfad09594f7d8ed23db83f1002a6377118e6a1abe65857ac5595102ceb0343c4
Opcode Fuzzy Hash: b8ae1d5ba376c7d2bb61e3768e54d328bcf0e3b5b75be394a65c26dd4d0dee76
Instruction Fuzzy Hash: 5BE1AD71618340CFC704DF68E88062AF7E5FB9A315F09896CE6C987361DB36E910CB92

Function 00ABA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 813c5ede773a4a9a4e9738b4372b77610e7904ff462d9fcbda46a8a6b18e0bc3
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 83F1B0756087418FD724CF29C88166BFBE6BFE8300F08882DE4D587752E639E945CB52

Function 00AF8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b0ee9dd29240707e64aa6604710e81aa88c588a5509746050fd5b52055c09c4
Instruction ID: b81b14010d2a5a0896ac9ab5166cdf1b0eb8bd052c58c35b35584874300af10f
Opcode Fuzzy Hash: 2b0ee9dd29240707e64aa6604710e81aa88c588a5509746050fd5b52055c09c4
Instruction Fuzzy Hash: 86D19B7461C284DFD704EF68D88062AFBF5EB9A305F09896DF6C987251DB36D810CB92

Function 00AC4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077bcbc599d3495af1dd7bd02b01172e06b6050f7dad2be8a7e5900e653aa236
Instruction ID: 911064c817500ecb0848494489a850b595cc52a2e04fb72af81abfd2ac821ddb
Opcode Fuzzy Hash: 077bcbc599d3495af1dd7bd02b01172e06b6050f7dad2be8a7e5900e653aa236
Instruction Fuzzy Hash: B8E1FFB5501B408FD325CF28D9A2BA7B7E1FF0A704F04886DE4AA8B752E735B815CB54

Function 00AF6CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 742378752a3d6e6215a95bead1349fe0430e33ab10cdc9daad876c1421592566
Instruction ID: 2de7d28a3b55914f30c9dde6ce97506baab08b90d80d8f80aea3e440bf0b1607
Opcode Fuzzy Hash: 742378752a3d6e6215a95bead1349fe0430e33ab10cdc9daad876c1421592566
Instruction Fuzzy Hash: CAD10136618755CFC720CF78D88452AB7E6FB9A314F098A6CE991C73A1DB30DA44CB91

Function 00AF7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf4cab0f01c5aa09abdd21b358d9349f74c11f119f6f21b06227b0d38ac58ee
Instruction ID: ef57dd4edf70c5f58add5856aeaa97c40f0c428a82c60c209f8968a57267409e
Opcode Fuzzy Hash: 0bf4cab0f01c5aa09abdd21b358d9349f74c11f119f6f21b06227b0d38ac58ee
Instruction Fuzzy Hash: CAB10672A083544BE714DBA8CC41B7FB7E9ABC5314F08492DFA9997382E735DC058792

Function 00ABAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: a781246c61fea24a996fa12ac9862f43e2ab728dd0aee39da2f1e87212e3f321
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 1CC18AB2A187418FC370CF28DC96BABB7E5BF85318F08492DD1D9C6242E778A155CB16

Function 00AC6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a9026a57bd19a169a8fa5b46850c4c74a9fe7aa7221c44883be9e7abecaad3
Instruction ID: ee09e3499bd06e86d9017444e0976b9065700b2c36ee2295957a4765ff5b9903
Opcode Fuzzy Hash: 09a9026a57bd19a169a8fa5b46850c4c74a9fe7aa7221c44883be9e7abecaad3
Instruction Fuzzy Hash: 72B100B4600B408FD325CF24CA81B67BBF5AF4A704F14885CE8AA8BB52E775F805CB55

Function 00AF7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 067b5a5850626a46b46d8e027e236a35251ae9abcb444c68d2b46fda9e876251
Instruction ID: 2f92cccc2b6a5c6b673398a8b4a1e6119bd92e94a64ffbe787f3835a452a6f11
Opcode Fuzzy Hash: 067b5a5850626a46b46d8e027e236a35251ae9abcb444c68d2b46fda9e876251
Instruction Fuzzy Hash: 7F917C71A08305ABEB20DF94D880B7FBBE6EB85394F54881CF69597351E730E950CB92

Function 00AFA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b294e4129bdaffd2bf064303ebc023e9ae6e9ec4f76b09555c6077a896b5819c
Instruction ID: dc067c4fa374ef088208b374f084e937ee3ac4425ad9c8bd5d9336d04476977c
Opcode Fuzzy Hash: b294e4129bdaffd2bf064303ebc023e9ae6e9ec4f76b09555c6077a896b5819c
Instruction Fuzzy Hash: 198170742087099BD724DFA8D880A7AB7F5EF65740F45891CF6898B261E731EC10CB92

Function 00AE64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb7f5a666fd08db1c27bc32289c622ff839337099b25c6d24d166d1329a88435
Instruction ID: 7eb4d5e8a1b8bbb5c23997a345c91b9cb4a2dc14ce45bdb02647a7368307be13
Opcode Fuzzy Hash: eb7f5a666fd08db1c27bc32289c622ff839337099b25c6d24d166d1329a88435
Instruction Fuzzy Hash: BC71F733B29AD04BC3149D7E4C463A5BA534BF6374B3DC779A9B48B3E5D6294C064390

Function 00AD28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a31f9fab627d624475e4895e39d5e4d42b621050e419514a29b42dc3296547
Instruction ID: 3bae475fd8e51ed18bffde86f2c4cb863a21eb1d43560b722986b36224177a51
Opcode Fuzzy Hash: a2a31f9fab627d624475e4895e39d5e4d42b621050e419514a29b42dc3296547
Instruction Fuzzy Hash: 436167B44183909BD310AF19D851B2ABBF1FFA6750F08491EF4C69B361E33AD910CB66

Function 00AD7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d4fe43bd43ea4b0ab53db820255671838320480c857a4f809fcfa1be3e51d7
Instruction ID: 3487ba50db4ec258ebd402cb9138fb06276a6c719da1cfa47a4cc0b68418fcd6
Opcode Fuzzy Hash: 07d4fe43bd43ea4b0ab53db820255671838320480c857a4f809fcfa1be3e51d7
Instruction Fuzzy Hash: F651CFB1618204AFDB249B24CC82BBB33B5EF85764F144959F9868B391F375DC01C761

Function 00AE1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 163d7eb298066db60da0b7203dfe60d32355ab4ad127cad72b84a7f8b0049026
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 9361CE317093A1ABD714CF2AC58072FBBE2ABC9390F68C93DE4998B351D270DD859742

Function 00AE82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49cf179ef2dee210249b9c00bb70b29b730aa74ba6fb4cfe957dae732cdee203
Instruction ID: c6b4ce2578d7a3ca9c328660c64d92ef254c50291452cc927b5d32d86b7b00a0
Opcode Fuzzy Hash: 49cf179ef2dee210249b9c00bb70b29b730aa74ba6fb4cfe957dae732cdee203
Instruction Fuzzy Hash: 23615833A5EAD14BC314867E5C553A66A935BD2730F3EC36698B98F3E4CD6D48028351

Function 00AC42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1418a315b1f98c2d705b66b3b24d08f176745cec657a4d69cf68d8757265f2
Instruction ID: 335c27bd596d40ff938a61b7070b367a65bfd63d6aed34f42df82d0d7179109b
Opcode Fuzzy Hash: ef1418a315b1f98c2d705b66b3b24d08f176745cec657a4d69cf68d8757265f2
Instruction Fuzzy Hash: D581D4B4810B00AFD360EF39DA47797BEF4AB06201F404A2DE4EA97655E7316459CBE3

Function 00C5FA03 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73f583ba3656e57598610d2d548806be13f8a6f1cb3d89a1b1c0d9574db39b6f
Instruction ID: 319df63ed3984777dae7336725d04632fe22e8be8c8b1789d5c4f18456a595ae
Opcode Fuzzy Hash: 73f583ba3656e57598610d2d548806be13f8a6f1cb3d89a1b1c0d9574db39b6f
Instruction Fuzzy Hash: E95147F3A092105FE3046E2DDC4436ABBDAEBD4310F1B853DEAC8D3784D97858418782

Function 00B443A0 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb8b5d4cc6004eb3079eec99f016587b34a6618534ebd6b20505c7405967dc1
Instruction ID: f7edfb0ce7887471fd2092ac247e6f88099229b7c1fadec3ea06bab0a8c7cd8c
Opcode Fuzzy Hash: 5bb8b5d4cc6004eb3079eec99f016587b34a6618534ebd6b20505c7405967dc1
Instruction Fuzzy Hash: DF51F6F3B182009FE304AE2DDCC477ABAD6EB94310F1A853DDB8887784E53959058687

Function 00AEE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: f32d3e99269f0bccfdd612f1ac1618f703e83c06e472e5533a08af2ac597883b
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 33517DB16087548FE314DF69D49435BBBE1BBC5358F044E2DE4E983350E379DA088B82

Function 00AF7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c3bc506b660d89604c40ea4049cd2e29104a64a9eeb123732f9abb88afce21
Instruction ID: e3424c7cde8aca621ce155047728afc99fedb21280769a1fa8ee64c5531792e3
Opcode Fuzzy Hash: c2c3bc506b660d89604c40ea4049cd2e29104a64a9eeb123732f9abb88afce21
Instruction Fuzzy Hash: D351E43160C218ABC715AF58DC90B3EB7E6EB85754F288A2CFAD597391D731EC108B91

Function 00AB5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b211ce89384a86f5e3133b1d46d6c7cd6d7641fcab65c8dbb5e202e57756d1ee
Instruction ID: 71ada640cf4c780735157fa08ffb47b372f71f7350055135f7b6f1cd4faf632e
Opcode Fuzzy Hash: b211ce89384a86f5e3133b1d46d6c7cd6d7641fcab65c8dbb5e202e57756d1ee
Instruction Fuzzy Hash: 2951D271E047049FC714DF24C890A6ABBA9FF89364F15466CF8999B353DA31EC42CB92

Function 00ADEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e091681e5419b22b807fb44d035a59110eb68f53eaa77b4ab1b43b4973415ef
Instruction ID: 370f07cc86f188f2cf5ed8fa0dc832dd6286b8fb76720fd3dd8ea4cb5b0e95fa
Opcode Fuzzy Hash: 3e091681e5419b22b807fb44d035a59110eb68f53eaa77b4ab1b43b4973415ef
Instruction Fuzzy Hash: 77419074900315DBDF20DF94DC91BA9B7B1FF0A340F144549E985AF3A1EB389951CB91

Function 00AF9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72e317e317d359bc02442448bfe248d2c6cea66954af96431ad307b38d280d4b
Instruction ID: 49a28c2788d1a6b6bd71b3beba9fab970ddf4044fdf1d40a95f5be6e165a628f
Opcode Fuzzy Hash: 72e317e317d359bc02442448bfe248d2c6cea66954af96431ad307b38d280d4b
Instruction Fuzzy Hash: 91419C34608348AFD720DF95D990B3BBBE6EB95710F24882CF68997251D331EC01CB62

Function 00AC2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1882725e688728a909f20c70140d138b9a876f473de73a0ec4da8943ba5989d0
Instruction ID: ded402692e2d23236f1323625d1d76ea8fb86e0b29c315323a8979902920a123
Opcode Fuzzy Hash: 1882725e688728a909f20c70140d138b9a876f473de73a0ec4da8943ba5989d0
Instruction Fuzzy Hash: 6F410772A083654FD35CDF2A849473ABBE2AFC4310F0A866EE4E6873D4DA748D45D781

Function 00AC1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13595729b57b78caae0ec2fe1154c83bd34d4deb52bb54ccf04017a8a428b35e
Instruction ID: f8a656cf9944410ad2ca1ff48c2371cbf74aeaaf074153466e6506c9d40451a5
Opcode Fuzzy Hash: 13595729b57b78caae0ec2fe1154c83bd34d4deb52bb54ccf04017a8a428b35e
Instruction Fuzzy Hash: 1541ED7460C3809BD320AB59C884F2EFBF5FB86744F14491DF6D497292C37AE8148BA6

Function 00AF8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f5125e1cab42cd92894f07aa520c468c3b54df708937ce5a1d26898070d9d4
Instruction ID: 73eefb32348daf77a2fba6679d2803fe3d431d90443f6f8b068a4a9145a6ad80
Opcode Fuzzy Hash: 25f5125e1cab42cd92894f07aa520c468c3b54df708937ce5a1d26898070d9d4
Instruction Fuzzy Hash: 0141B13160C2548FC704DFA8C49053EFBE6AF99300F198A1DE5D9D7291DB79DD018B82

Function 00ACD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668eb01c2c7700201b8611c8b5a90f6928677c9a31d9ccdf7721e1644db10d92
Instruction ID: 3ce67fa44ed5887c5d5f3d98f2bd8eb1ecc238914482617e03bc5195321d3491
Opcode Fuzzy Hash: 668eb01c2c7700201b8611c8b5a90f6928677c9a31d9ccdf7721e1644db10d92
Instruction Fuzzy Hash: C84178B55083818AD7309F14C881BABB6B0FFA63A0F05096DE48A8BB52E7754940CB57

Function 00BD8CA6 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd1e81c105a268e24dc4530b0a880e766ff474a827f9ea75a446af316540c64
Instruction ID: 87c2c028f66d40235277ccbda93c4c409707f69e8679c96fee9a87d481d16f50
Opcode Fuzzy Hash: acd1e81c105a268e24dc4530b0a880e766ff474a827f9ea75a446af316540c64
Instruction Fuzzy Hash: F73125F3A082049FE304AE6DEC9176AF7E6EBD4721F1A453DE6C5C3384EA3558148792

Function 00AEF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 83bad9ef540c79b3f9000f0199d1cef92b91056cf71bbfd9a2e7f53d0a158abe
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 132107329082644BC7249B5AC48163BF7E4EB99704F06863EE9C4A7295E3359C1487E1

Function 00AF67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfd636a76aecf876653fcf8dae0e056385f6ed27f370d3591ab18eee03533c3
Instruction ID: aff94ad0c5631694bb6664bd8de185b152af8c582fca19e1069ac687382cc174
Opcode Fuzzy Hash: 7cfd636a76aecf876653fcf8dae0e056385f6ed27f370d3591ab18eee03533c3
Instruction Fuzzy Hash: 963132705183829AE714CF54C490A2FBBF0EF96788F54690CF4C8AB261D338D985CB9A

Function 00AD5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62bf1c59c770ed4f9bd707fd356e98a6e5d0e163c07831bcf92f16dbaaf63969
Instruction ID: 132970a4c2e0cbb057f7b8bb73830665fa3466fa967b5ebc86dda9ec34469b7b
Opcode Fuzzy Hash: 62bf1c59c770ed4f9bd707fd356e98a6e5d0e163c07831bcf92f16dbaaf63969
Instruction Fuzzy Hash: BA21B2709083019BD310AF28C94196BB7F4EF96765F44890DF4D69B392E734DA00CBA3

Function 00AB49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: a0ccd456b9206577aeb26234a48416633dfae6a7c26a98fa40e017da23223b8a
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 0731CA316482009FD7149F58D8809ABB7E9EF8C359F18892DE89AD7343D231DC52CB46

Function 00AF64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c191de6b67e35eb84c0d73f55ec1ebc609a934ea50e4b54ec6c5cdcd1074021b
Instruction ID: f6ee69b7c8d231ec6314ccdc684aea72e8b812f50b93b0c368809d0716f65b6a
Opcode Fuzzy Hash: c191de6b67e35eb84c0d73f55ec1ebc609a934ea50e4b54ec6c5cdcd1074021b
Instruction Fuzzy Hash: EC21667060C2049BC714EF99D680A2EFBF6EB95741F28881CE5C597261C731AC50DB62

Function 00AC0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c042fabeafed5a4bb663f7356542375d19265d2938449ebb72ec6356a2fbfa
Instruction ID: 7333057652de67fd034c96dd8d0a0b16fef08766bf596a277e31059cb9cc9cae
Opcode Fuzzy Hash: 27c042fabeafed5a4bb663f7356542375d19265d2938449ebb72ec6356a2fbfa
Instruction Fuzzy Hash: 3021E6B490021A9FDB15CF95CC90FBEBBB1FB4A304F144859E511AB292C735A951CBA4

Function 00AEB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 7d133d74dad506134abf91a9073f85790fa8c26543c9116fafde397241c667d9
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: D511E533A151E90EC7168E3D8444566BFA31AA3234B598399F4B89B2D2D7328D8A9374

Function 00AE0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: a7a6d245fb1f428183d1e53b4b289c030a8b2670b41b8b352a7adef8849ce594
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: AA0184F6E0038247E720DF5695D1F3BB2A9BF80B68F18452CE84657302DBB5EC45C6A1

Function 00ADD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 855f9b2135e2959353e1da77e6c0a77f2ad1bca2c6604537acfaffd13b8969f2
Instruction ID: bd9dd21f2436295e0e718b8765790aee66140891e27c9432d42aefe0fcddd4f8
Opcode Fuzzy Hash: 855f9b2135e2959353e1da77e6c0a77f2ad1bca2c6604537acfaffd13b8969f2
Instruction Fuzzy Hash: 6511ECB0408380AFD3209F618584A2FFBE5EBA6714F148C0DF6A59B251C779E819CF56

Function 00AB6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c183a71ce62f4b325d707c7b699155774a1ab2192d3303887e87dc949ba5119
Instruction ID: 498dfc892aec24febec5345fe4f599e170609ae047732808deea7c522b64bec2
Opcode Fuzzy Hash: 7c183a71ce62f4b325d707c7b699155774a1ab2192d3303887e87dc949ba5119
Instruction Fuzzy Hash: 52F0E03E7152190B6210CEFAE884877F3EAD7D9355B155538EE41D3202DD75EC0791D4

Function 00AEB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00ACC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00ACB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: ec552a336fc90466b57f34b7da8f5644536e80530cd3153c8328a76375a31ba6
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: D1F0ECB161851057DF36CA599CC1F37BB9CCB87354F1A042EE84557143D2725849C3F5

Function 00AE8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd53b18d9c0a3ef2111070810653c6f312a4732305b3d8080228d209311dd15b
Instruction ID: d455d7f8ce1394745205fe374437d2e07197543e9da5bfa6b7a389c0da3cbabb
Opcode Fuzzy Hash: bd53b18d9c0a3ef2111070810653c6f312a4732305b3d8080228d209311dd15b
Instruction Fuzzy Hash: 1201E4B04107009FC360EF29C545757BBE8EB08714F004A1DE8AECB680D770A544CF82

Function 00AF1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: d4060479d4f0d72b7c5c6e08a5c0ea13d17ef604243c2e3c953ad7787a7ed81b
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 19D0A771608321869F748F19A400977F7F0EAC7B12F89955EF686E3148D330DC41C2A9

Function 00AC1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f68c3e047f38c7cea759f80a638526a870602c779708fb3153f6f441f4857c
Instruction ID: 5ec67bc7c9dd6ff000476bd15e914f57b9f577e8b1d3f4b8940da94b76ca44a7
Opcode Fuzzy Hash: c0f68c3e047f38c7cea759f80a638526a870602c779708fb3153f6f441f4857c
Instruction Fuzzy Hash: 99C00234A691018FC244DF95A895A36A6B8AB5720A750602ADA03E7662DA60D417D909

Function 00AF6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46130acf35b7a7a8475a5d6a1edb7625d2f5503dcaa9f57c6dff8f8d65b93296
Instruction ID: 7a4e105bd3c02ea19e6cd4ade5de582477c096fdea0034116b4109b98c2f5a78
Opcode Fuzzy Hash: 46130acf35b7a7a8475a5d6a1edb7625d2f5503dcaa9f57c6dff8f8d65b93296
Instruction Fuzzy Hash: A1C02238A2C00083E28CCF08E800830F3FE8BABF0CB20B00EC80223382C830C002CA0C

Function 00AC1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05b242e9df3b7aace6c87821286732e49b0dcbdf38807e29d9145c36d860db9
Instruction ID: 96669de5860b4df14298bb6fa1055a437718150fc59868653d4f0d021f12dc17
Opcode Fuzzy Hash: b05b242e9df3b7aace6c87821286732e49b0dcbdf38807e29d9145c36d860db9
Instruction Fuzzy Hash: 83C04C34A690408EC244CEC5A8D1531A2B85707209710303A9A03E7262C560D406D509

Function 00AF5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1430510460.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.1430488138.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430546251.0000000000B10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430588487.0000000000B1C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430692832.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430710521.0000000000C70000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430732439.0000000000C82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430825981.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430840951.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430913750.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430930353.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430948517.0000000000C97000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430962800.0000000000C99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1430988237.0000000000CC2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431007405.0000000000CC3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431030023.0000000000CCB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431078910.0000000000CD3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431105587.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431145935.0000000000CED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431166836.0000000000CEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431185726.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431225697.0000000000CFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431249884.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431273026.0000000000D01000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431289489.0000000000D04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431314879.0000000000D0C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431334579.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431355176.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431389913.0000000000D1A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431411855.0000000000D21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431432774.0000000000D23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431450281.0000000000D24000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431471895.0000000000D2C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431488884.0000000000D3B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431511517.0000000000D3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431533484.0000000000D43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431576522.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431598133.0000000000D45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431621102.0000000000D6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431672732.0000000000D99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431713019.0000000000D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431734102.0000000000DA2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431788535.0000000000DB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1431809107.0000000000DB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc08b47ce8fc65b131d326a71e85f76cc9bed51e1f6c194dad1f7821c51b4e1d
Instruction ID: 3395af4e6bf907d54a871a894ef2889b9eff82cbc09a8bc450df14691d6fb90d
Opcode Fuzzy Hash: cc08b47ce8fc65b131d326a71e85f76cc9bed51e1f6c194dad1f7821c51b4e1d
Instruction Fuzzy Hash: 28C09224B690008BE28CCF19DD55A35F6FE9BABE1CB14B02DC806A3256D934D512860C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00AF50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00ABFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00ABD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00AF5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00AF5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00AF695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00AC049B Relevance: .3, Instructions: 264
COMMON

Function 00AF3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00AF3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON