Edit tour

Windows Analysis Report
5BL9UfLKF4.exe

Overview

General Information

Sample name:	5BL9UfLKF4.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	80bd6fa12fe9aacd8d3b4f1c93564874ba67a0bb3093cedf100decb6279173d0
Analysis ID:	1541140
MD5:	68b4368ad5d5125699f132bd7332ad5e
SHA1:	d88a3c0285199eb07354697cc7345df3feec4965
SHA256:	80bd6fa12fe9aacd8d3b4f1c93564874ba67a0bb3093cedf100decb6279173d0
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

Process Tree

System is w10x64

5BL9UfLKF4.exe (PID: 368 cmdline: "C:\Users\user\Desktop\5BL9UfLKF4.exe" MD5: 68B4368AD5D5125699F132BD7332AD5E)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

DNS traffic detected: query: test.local replaycode: Name error (3)

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_00000001400E96E0 WSASetLastError,recv,

0_2_00000001400E96E0

Source: global traffic

DNS traffic detected: DNS query: test.local

Source: 5BL9UfLKF4.exe	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: 5BL9UfLKF4.exe	String found in binary or memory: http://www.openssl.org/support/faq.html.

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140178120	0_2_0000000140178120
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140008684	0_2_0000000140008684
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140014F93	0_2_0000000140014F93
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140001002	0_2_0000000140001002
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400810AC	0_2_00000001400810AC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400011E6	0_2_00000001400011E6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140139AA0	0_2_0000000140139AA0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140015E4C	0_2_0000000140015E4C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007792F	0_2_000000014007792F
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001000E	0_2_000000014001000E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A406D	0_2_00000001400A406D
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003C06C	0_2_000000014003C06C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014016C080	0_2_000000014016C080
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014C080	0_2_000000014014C080
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AC074	0_2_00000001400AC074
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007C08E	0_2_000000014007C08E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C80B2	0_2_00000001400C80B2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401680D0	0_2_00000001401680D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005011C	0_2_000000014005011C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014006812E	0_2_000000014006812E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140074150	0_2_0000000140074150
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140064186	0_2_0000000140064186
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401481A0	0_2_00000001401481A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401441A2	0_2_00000001401441A2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400841B6	0_2_00000001400841B6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002C1D8	0_2_000000014002C1D8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140004260	0_2_0000000140004260
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140094292	0_2_0000000140094292
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400282AE	0_2_00000001400282AE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400082EA	0_2_00000001400082EA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B432E	0_2_00000001400B432E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005C346	0_2_000000014005C346
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140040368	0_2_0000000140040368
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003C36A	0_2_000000014003C36A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014C3E0	0_2_000000014014C3E0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400683FA	0_2_00000001400683FA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140144401	0_2_0000000140144401
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140074420	0_2_0000000140074420
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140050429	0_2_0000000140050429
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003C444	0_2_000000014003C444
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001C454	0_2_000000014001C454
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007C494	0_2_000000014007C494
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400804BA	0_2_00000001400804BA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400984D6	0_2_00000001400984D6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140144500	0_2_0000000140144500
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401604F0	0_2_00000001401604F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140038536	0_2_0000000140038536
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014C5B0	0_2_000000014014C5B0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401385B0	0_2_00000001401385B0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000C5C4	0_2_000000014000C5C4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400F05E0	0_2_00000001400F05E0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400905F6	0_2_00000001400905F6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140154660	0_2_0000000140154660
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003065A	0_2_000000014003065A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140084698	0_2_0000000140084698
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400206B1	0_2_00000001400206B1
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401446D7	0_2_00000001401446D7
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003C6D2	0_2_000000014003C6D2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014C6D0	0_2_000000014014C6D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400206E8	0_2_00000001400206E8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B06EE	0_2_00000001400B06EE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A8711	0_2_00000001400A8711
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140044786	0_2_0000000140044786
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400D47E0	0_2_00000001400D47E0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400287D8	0_2_00000001400287D8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015C800	0_2_000000014015C800
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401888D0	0_2_00000001401888D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140094900	0_2_0000000140094900
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140034924	0_2_0000000140034924
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140064962	0_2_0000000140064962
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400BC994	0_2_00000001400BC994
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A49B8	0_2_00000001400A49B8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400309C4	0_2_00000001400309C4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400889D0	0_2_00000001400889D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400689D4	0_2_00000001400689D4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C4A18	0_2_00000001400C4A18
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140070A30	0_2_0000000140070A30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140160A30	0_2_0000000140160A30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000CA42	0_2_000000014000CA42
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140144A51	0_2_0000000140144A51
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014CA80	0_2_000000014014CA80
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009CA7E	0_2_000000014009CA7E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005CA82	0_2_000000014005CA82
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140150AD0	0_2_0000000140150AD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140020B08	0_2_0000000140020B08
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140074B80	0_2_0000000140074B80
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140198C00	0_2_0000000140198C00
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140070BF0	0_2_0000000140070BF0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140014CA0	0_2_0000000140014CA0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140088CA8	0_2_0000000140088CA8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004CCC4	0_2_000000014004CCC4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002CCD0	0_2_000000014002CCD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140018CD2	0_2_0000000140018CD2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140144CD0	0_2_0000000140144CD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C0D8A	0_2_00000001400C0D8A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009CD98	0_2_000000014009CD98
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014CDB0	0_2_000000014014CDB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140008DE8	0_2_0000000140008DE8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401A8E1C	0_2_00000001401A8E1C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140054E2C	0_2_0000000140054E2C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140068E2A	0_2_0000000140068E2A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140028E44	0_2_0000000140028E44
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140148E50	0_2_0000000140148E50
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140160E80	0_2_0000000140160E80
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140154EC0	0_2_0000000140154EC0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140038ECE	0_2_0000000140038ECE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FCEE0	0_2_00000001400FCEE0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140024EE8	0_2_0000000140024EE8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140084EFC	0_2_0000000140084EFC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000CF34	0_2_000000014000CF34
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140098F40	0_2_0000000140098F40
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140048F74	0_2_0000000140048F74
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401C8FBC	0_2_00000001401C8FBC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140010FB4	0_2_0000000140010FB4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140068FCC	0_2_0000000140068FCC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004CFEA	0_2_000000014004CFEA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A500E	0_2_00000001400A500E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003D01C	0_2_000000014003D01C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014900B	0_2_000000014014900B
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400DD060	0_2_00000001400DD060
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B9064	0_2_00000001400B9064
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400950A0	0_2_00000001400950A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401850C0	0_2_00000001401850C0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007D0B4	0_2_000000014007D0B4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007D0BE	0_2_000000014007D0BE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014D0D0	0_2_000000014014D0D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140075100	0_2_0000000140075100
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008D0F4	0_2_000000014008D0F4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140135120	0_2_0000000140135120
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005D10C	0_2_000000014005D10C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FD120	0_2_00000001400FD120
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FD114	0_2_00000001400FD114
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FD12F	0_2_00000001400FD12F
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140055140	0_2_0000000140055140
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FD132	0_2_00000001400FD132
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C514B	0_2_00000001400C514B
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140065150	0_2_0000000140065150
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140089166	0_2_0000000140089166
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015D170	0_2_000000014015D170
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A91AC	0_2_00000001400A91AC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B91A2	0_2_00000001400B91A2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015D1C0	0_2_000000014015D1C0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401B51F0	0_2_00000001401B51F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401AD220	0_2_00000001401AD220
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002925E	0_2_000000014002925E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140149296	0_2_0000000140149296
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015D290	0_2_000000014015D290
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015D2E0	0_2_000000014015D2E0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400152D1	0_2_00000001400152D1
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007D2E4	0_2_000000014007D2E4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015D300	0_2_000000014015D300
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002D312	0_2_000000014002D312
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140145330	0_2_0000000140145330
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140045358	0_2_0000000140045358
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401493A0	0_2_00000001401493A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014D3A0	0_2_000000014014D3A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401353C0	0_2_00000001401353C0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400613BE	0_2_00000001400613BE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140131400	0_2_0000000140131400
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140085410	0_2_0000000140085410
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003541E	0_2_000000014003541E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000D42E	0_2_000000014000D42E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140195430	0_2_0000000140195430
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004D44C	0_2_000000014004D44C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140015453	0_2_0000000140015453
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140005460	0_2_0000000140005460
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401C5480	0_2_00000001401C5480
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140055488	0_2_0000000140055488
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B1488	0_2_00000001400B1488
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401914D0	0_2_00000001401914D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140021546	0_2_0000000140021546
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140145560	0_2_0000000140145560
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A5580	0_2_00000001400A5580
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140185590	0_2_0000000140185590
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400695D6	0_2_00000001400695D6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401495D0	0_2_00000001401495D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400915E2	0_2_00000001400915E2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008D5FA	0_2_000000014008D5FA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401355F0	0_2_00000001401355F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140139620	0_2_0000000140139620
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140181640	0_2_0000000140181640
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014D660	0_2_000000014014D660
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140015677	0_2_0000000140015677
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400796A0	0_2_00000001400796A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140161690	0_2_0000000140161690
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400016B8	0_2_00000001400016B8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401956D0	0_2_00000001401956D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C16F0	0_2_00000001400C16F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400156EC	0_2_00000001400156EC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400416FB	0_2_00000001400416FB
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003D722	0_2_000000014003D722
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140075760	0_2_0000000140075760
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001977A	0_2_000000014001977A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400F97C0	0_2_00000001400F97C0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401497D0	0_2_00000001401497D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400057EA	0_2_00000001400057EA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400897FA	0_2_00000001400897FA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401497F0	0_2_00000001401497F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003582A	0_2_000000014003582A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140001836	0_2_0000000140001836
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140145830	0_2_0000000140145830
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C5874	0_2_00000001400C5874
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400118DC	0_2_00000001400118DC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009192E	0_2_000000014009192E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140009926	0_2_0000000140009926
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140035943	0_2_0000000140035943
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004D944	0_2_000000014004D944
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AD9AA	0_2_00000001400AD9AA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003D9AE	0_2_000000014003D9AE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400659B6	0_2_00000001400659B6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A99DA	0_2_00000001400A99DA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007D9D4	0_2_000000014007D9D4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002D9DC	0_2_000000014002D9DC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140195A30	0_2_0000000140195A30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140089A38	0_2_0000000140089A38
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140159A80	0_2_0000000140159A80
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014DA80	0_2_000000014014DA80
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140185A70	0_2_0000000140185A70
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140079A8A	0_2_0000000140079A8A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400E5AA0	0_2_00000001400E5AA0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140031A96	0_2_0000000140031A96
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140139AC0	0_2_0000000140139AC0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140145AB0	0_2_0000000140145AB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003DADE	0_2_000000014003DADE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140041B66	0_2_0000000140041B66
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401A5BB0	0_2_00000001401A5BB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140069BC6	0_2_0000000140069BC6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140181BD0	0_2_0000000140181BD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B5C00	0_2_00000001400B5C00
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014DBF0	0_2_000000014014DBF0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A1C20	0_2_00000001400A1C20
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004DC3A	0_2_000000014004DC3A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002DC5C	0_2_000000014002DC5C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003DC8C	0_2_000000014003DC8C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140145C90	0_2_0000000140145C90
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140165D30	0_2_0000000140165D30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140101D60	0_2_0000000140101D60
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A5D72	0_2_00000001400A5D72
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140079DE4	0_2_0000000140079DE4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140141E00	0_2_0000000140141E00
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400DDE30	0_2_00000001400DDE30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140025E3C	0_2_0000000140025E3C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140101E60	0_2_0000000140101E60
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140039E60	0_2_0000000140039E60
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009DE90	0_2_000000014009DE90
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014DEA0	0_2_000000014014DEA0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140089E92	0_2_0000000140089E92
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005DEC2	0_2_000000014005DEC2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140009EE0	0_2_0000000140009EE0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B9EEA	0_2_00000001400B9EEA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400ADF2C	0_2_00000001400ADF2C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C1F86	0_2_00000001400C1F86
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140141F90	0_2_0000000140141F90
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140185FC0	0_2_0000000140185FC0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A9FB6	0_2_00000001400A9FB6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C5FE0	0_2_00000001400C5FE0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014015DFD0	0_2_000000014015DFD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140082020	0_2_0000000140082020
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014E030	0_2_000000014014E030
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401A6054	0_2_00000001401A6054
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004E0DC	0_2_000000014004E0DC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014006A14E	0_2_000000014006A14E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B6190	0_2_00000001400B6190
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014619E	0_2_000000014014619E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140012192	0_2_0000000140012192
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400621C2	0_2_00000001400621C2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B21C2	0_2_00000001400B21C2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400661DC	0_2_00000001400661DC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401861F0	0_2_00000001401861F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140076230	0_2_0000000140076230
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008A27E	0_2_000000014008A27E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014012A2D0	0_2_000000014012A2D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400562E3	0_2_00000001400562E3
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140146300	0_2_0000000140146300
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003A2F6	0_2_000000014003A2F6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AA2FE	0_2_00000001400AA2FE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008E308	0_2_000000014008E308
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009231A	0_2_000000014009231A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014E340	0_2_000000014014E340
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A6338	0_2_00000001400A6338
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C63E8	0_2_00000001400C63E8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005A418	0_2_000000014005A418
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007A41A	0_2_000000014007A41A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140032432	0_2_0000000140032432
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140136430	0_2_0000000140136430
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401BE458	0_2_00000001401BE458
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400BA46B	0_2_00000001400BA46B
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140152480	0_2_0000000140152480
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400924DA	0_2_00000001400924DA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014E520	0_2_000000014014E520
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AE539	0_2_00000001400AE539
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401A6554	0_2_00000001401A6554
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140012554	0_2_0000000140012554
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400865BC	0_2_00000001400865BC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400565C8	0_2_00000001400565C8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001E5CA	0_2_000000014001E5CA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000E5D6	0_2_000000014000E5D6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401465D0	0_2_00000001401465D0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002E5EE	0_2_000000014002E5EE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401465F0	0_2_00000001401465F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014016A620	0_2_000000014016A620
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140046625	0_2_0000000140046625
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140182650	0_2_0000000140182650
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014003E65C	0_2_000000014003E65C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140186680	0_2_0000000140186680
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A668E	0_2_00000001400A668E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014010E6A0	0_2_000000014010E6A0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400226C3	0_2_00000001400226C3
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400226EE	0_2_00000001400226EE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400966F8	0_2_00000001400966F8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014017A720	0_2_000000014017A720
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A2705	0_2_00000001400A2705
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014006A71C	0_2_000000014006A71C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005E728	0_2_000000014005E728
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140102780	0_2_0000000140102780
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400E27F0	0_2_00000001400E27F0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014018A800	0_2_000000014018A800
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014E840	0_2_000000014014E840
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C685E	0_2_00000001400C685E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140006860	0_2_0000000140006860
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B2864	0_2_00000001400B2864
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004A8DA	0_2_000000014004A8DA
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B68E6	0_2_00000001400B68E6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AE8F6	0_2_00000001400AE8F6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140196960	0_2_0000000140196960
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140076950	0_2_0000000140076950
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014002E960	0_2_000000014002E960
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009A96C	0_2_000000014009A96C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140022985	0_2_0000000140022985
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014A9C0	0_2_000000014014A9C0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400869E2	0_2_00000001400869E2
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001EA0C	0_2_000000014001EA0C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140142A20	0_2_0000000140142A20
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014009EA97	0_2_000000014009EA97
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140182AB0	0_2_0000000140182AB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014EAB0	0_2_000000014014EAB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400B6AB8	0_2_00000001400B6AB8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014013EAB0	0_2_000000014013EAB0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140192AD0	0_2_0000000140192AD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140022ADE	0_2_0000000140022ADE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400FAB20	0_2_00000001400FAB20
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008EB30	0_2_000000014008EB30
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401BEB6C	0_2_00000001401BEB6C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014017AB70	0_2_000000014017AB70
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004AB8E	0_2_000000014004AB8E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140036B9E	0_2_0000000140036B9E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140142BCC	0_2_0000000140142BCC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005AC10	0_2_000000014005AC10
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400BEC16	0_2_00000001400BEC16
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000EC68	0_2_000000014000EC68
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140076CAC	0_2_0000000140076CAC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140066CD8	0_2_0000000140066CD8
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140032CE4	0_2_0000000140032CE4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400F6D00	0_2_00000001400F6D00
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140092CFE	0_2_0000000140092CFE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140046D02	0_2_0000000140046D02
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400BAD14	0_2_00000001400BAD14
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000AD27	0_2_000000014000AD27
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000AD28	0_2_000000014000AD28
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014007AD60	0_2_000000014007AD60
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004AD7F	0_2_000000014004AD7F
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140026D7A	0_2_0000000140026D7A
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140142E1B	0_2_0000000140142E1B
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014012AE10	0_2_000000014012AE10
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400A2E68	0_2_00000001400A2E68
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140002E70	0_2_0000000140002E70
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014EEA0	0_2_000000014014EEA0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400C6E98	0_2_00000001400C6E98
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140072ED0	0_2_0000000140072ED0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014001EECE	0_2_000000014001EECE
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401A2ECC	0_2_00000001401A2ECC
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140142F20	0_2_0000000140142F20
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140182F10	0_2_0000000140182F10
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400AAF2E	0_2_00000001400AAF2E
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140096F58	0_2_0000000140096F58
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014008AF64	0_2_000000014008AF64
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140052F90	0_2_0000000140052F90
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140082FA9	0_2_0000000140082FA9
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140176FC0	0_2_0000000140176FC0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140102FE0	0_2_0000000140102FE0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014AFD0	0_2_000000014014AFD0
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014006AFF6	0_2_000000014006AFF6
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014005B022	0_2_000000014005B022
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014F060	0_2_000000014014F060
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_0000000140103060	0_2_0000000140103060
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014004B052	0_2_000000014004B052
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401C7080	0_2_00000001401C7080
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014000F06C	0_2_000000014000F06C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014014F090	0_2_000000014014F090
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001400630B2	0_2_00000001400630B2

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400D0B80 appears 34 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400E91A0 appears 220 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400D0C10 appears 43 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001401057C0 appears 37 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400D3AD0 appears 42 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400D1D60 appears 508 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400FDC20 appears 818 times
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: String function: 00000001400D08A0 appears 112 times

Source: classification engine

Classification label: clean5.winEXE@1/0@21/0

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_0000000140178120 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,

0_2_0000000140178120

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Mutant created: \Sessions\1\BaseNamedObjects\P

Source: 5BL9UfLKF4.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 5BL9UfLKF4.exe	String found in binary or memory: id-cmc-addExtensions
Source: 5BL9UfLKF4.exe	String found in binary or memory: set-addPolicy

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: zlib1.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: 5BL9UfLKF4.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 5BL9UfLKF4.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 5BL9UfLKF4.exe

Static file information: File size 2883072 > 1048576

Source: 5BL9UfLKF4.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x24b400

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

0_2_0000000140178120

Source: 5BL9UfLKF4.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

0_2_0000000140178120

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

0_2_0000000140178120

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

API coverage: 7.3 %

Source: 5BL9UfLKF4.exe, 00000000.00000002.3305920105.000000000048D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_000000014011E160 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_000000014011E160

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

0_2_0000000140178120

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

0_2_0000000140178120

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_00000001400C5FE0 GetSystemFirmwareTable,GetProcessHeap,HeapAlloc,GetSystemFirmwareTable,GetProcessHeap,HeapFree,

0_2_00000001400C5FE0

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014011E160 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_000000014011E160
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_000000014011E150 SetUnhandledExceptionFilter,	0_2_000000014011E150
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: 0_2_00000001401AE734 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000001401AE734

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00000001401C1400
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: EnumSystemLocalesW,	0_2_00000001401C1700
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: EnumSystemLocalesW,	0_2_00000001401C1A1C
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00000001401C1CA4
Source: C:\Users\user\Desktop\5BL9UfLKF4.exe	Code function: GetLocaleInfoW,	0_2_00000001401CF040

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_0000000140174420 GetSystemTime,SystemTimeToFileTime,

0_2_0000000140174420

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Code function: 0_2_0000000140076A24 GetUserNameW,

0_2_0000000140076A24

Source: C:\Users\user\Desktop\5BL9UfLKF4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 Account Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
5BL9UfLKF4.exe	5%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.openssl.org/support/faq.html	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
test.local	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.openssl.org/support/faq.html.	5BL9UfLKF4.exe	false		unknown
http://www.openssl.org/support/faq.html	5BL9UfLKF4.exe	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541140
Start date and time:	2024-10-24 14:00:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	5BL9UfLKF4.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	80bd6fa12fe9aacd8d3b4f1c93564874ba67a0bb3093cedf100decb6279173d0
Detection:	CLEAN
Classification:	clean5.winEXE@1/0@21/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 90% Number of executed functions: 32 Number of non-executed functions: 138

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: 5BL9UfLKF4.exe

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.817884205285614
TrID:	Win64 Executable GUI (202006/5) 91.80% Win64 Executable (generic) (12005/4) 5.46% Clipper DOS Executable (2020/12) 0.92% Generic Win/DOS Executable (2004/3) 0.91% DOS Executable Generic (2002/1) 0.91%
File name:	5BL9UfLKF4.exe
File size:	2'883'072 bytes
MD5:	68b4368ad5d5125699f132bd7332ad5e
SHA1:	d88a3c0285199eb07354697cc7345df3feec4965
SHA256:	80bd6fa12fe9aacd8d3b4f1c93564874ba67a0bb3093cedf100decb6279173d0
SHA512:	645f298e9591a823f64437969fb171d405fdd291194d6d3ac75c8d1f6db5e5d72a9a72f9366af7ff4997787f3dda9634b3f4b8433998f671d3d00d843380d3df
SSDEEP:	49152:H8Bnw9Ksc1r0SX9vYEY1oXE+4WQ4SlaarxbVqMlOd1AoSoWPP7kG:38PX9AENSRGWY1AeWbkG
TLSH:	94D5BE2A6B4048C5D8A7C178D6268613E7B1B4920B70EBFF46B147680FA77F91F7A305
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....~f..........".......$..F.................@..............................,.......,... ........................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14019efe8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, NX_COMPAT
Time Stamp:	0x667E930A [Fri Jun 28 10:40:10 2024 UTC]
TLS Callbacks:	0x400d8560, 0x1
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	285b5705ecc47590ea24648ebfb48658

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FE8E4F747B0h
dec eax
add esp, 28h
jmp 00007FE8E4F7461Fh
int3
int3
dec eax
mov dword ptr [esp+20h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 20h
dec eax
mov eax, dword ptr [000BFF28h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007FE8E4F74816h
dec eax
and dword ptr [ebp+18h], 00000000h
dec eax
lea ecx, dword ptr [ebp+18h]
call dword ptr [0003008Ah]
dec eax
mov eax, dword ptr [ebp+18h]
dec eax
mov dword ptr [ebp+10h], eax
call dword ptr [0002FFB4h]
mov eax, eax
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [0002FFA0h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+20h]
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [00030150h]
mov eax, dword ptr [ebp+20h]
dec eax
lea ecx, dword ptr [ebp+10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+20h]
dec eax
xor eax, dword ptr [ebp+10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1ce730	0x8c	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2c3000	0x1d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1d0140	0x1419c	.text
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2c4000	0x5a44	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2259a8	0x28	.text
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x211ac0	0x138	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1cedc0	0x600	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x24b3b4	0x24b400	87a2c2a888a22df5f9903638f317f429	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x24d000	0x7390c	0x6da00	4eacdcba7a2e2a30865932ce0d923689	False	0.4760124180444698	data	6.511355556839077	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2c1000	0xa7a	0xc00	6e255a78cd448c7d61d80cc84ff162c5	False	0.666015625	data	6.187914452145805	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x2c2000	0xf4	0x200	6a1882bda59b934eac76f392bec73934	False	0.314453125	data	2.4567134458950477	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x2c3000	0x1d8	0x200	c0e29704ee1a476abe24ed77e1c114bf	False	0.5234375	data	4.6007614142729585	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2c4000	0x5a44	0x5c00	44d9a2963fa80e3de1cd2a3b84125e40	False	0.27169667119565216	data	5.438964266061833	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x2c3060	0x173	XML 1.0 document, ASCII text	English	United States	0.6037735849056604

Imports

DLL	Import
WS2_32.dll	WSAAddressToStringW, WSACleanup, WSAGetLastError, WSARecv, WSASend, WSASetLastError, WSASocketW, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, getsockname, getsockopt, htonl, inet_ntop, ioctlsocket, ntohl, recv, select, send, setsockopt, shutdown
KERNEL32.dll	AcquireSRWLockExclusive, AreFileApisANSI, AssignProcessToJobObject, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateEventW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexA, CreatePipe, CreateProcessA, CreateProcessW, CreateThread, CreateThreadpoolWork, CreateWaitableTimerA, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlushConsoleInputBuffer, FlushFileBuffers, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleCP, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDriveTypeW, GetEnvironmentStringsW, GetFileAttributesExW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemFirmwareTable, GetSystemTime, GetSystemTimeAsFileTime, GetTickCount, GetTimeZoneInformation, GetUserDefaultLCID, GlobalMemoryStatus, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeConditionVariable, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, InitializeSRWLock, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, LocalFree, MultiByteToWideChar, PeekNamedPipe, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, QueueUserAPC, RaiseException, ReadConsoleInputW, ReadConsoleW, ReadFile, ReleaseMutex, ReleaseSRWLockExclusive, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetConsoleCP, SetConsoleCtrlHandler, SetConsoleMode, SetConsoleOutputCP, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFilePointerEx, SetInformationJobObject, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SetWaitableTimer, SleepConditionVariableCS, SleepConditionVariableSRW, SleepEx, SubmitThreadpoolWork, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnhandledExceptionFilter, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
ADVAPI32.dll	DeregisterEventSource, GetUserNameW, RegisterEventSourceW, ReportEventW
USER32.dll	GetProcessWindowStation, GetUserObjectInformationW, MessageBoxW
NETAPI32.dll	NetApiBufferFree, NetWkstaGetInfo
IPHLPAPI.DLL	GetAdaptersAddresses

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 14:01:04.342037916 CEST	56619	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:04.362385035 CEST	53	56619	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:09.645318031 CEST	57493	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:09.661808014 CEST	53	57493	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:16.988848925 CEST	63121	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:17.006412029 CEST	53	63121	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:24.285785913 CEST	58675	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:24.302048922 CEST	53	58675	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:29.573539019 CEST	57214	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:29.596497059 CEST	53	57214	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:34.879230976 CEST	60780	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:34.894761086 CEST	53	60780	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:41.182208061 CEST	65520	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:41.202203989 CEST	53	65520	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:47.473110914 CEST	63657	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:47.493735075 CEST	53	63657	1.1.1.1	192.168.2.5
Oct 24, 2024 14:01:54.801597118 CEST	57039	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:01:54.819048882 CEST	53	57039	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:01.082703114 CEST	62094	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:01.098156929 CEST	53	62094	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:08.395431042 CEST	61824	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:08.409926891 CEST	53	61824	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:14.707554102 CEST	61590	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:14.717598915 CEST	53	61590	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:20.004281044 CEST	63359	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:20.012351990 CEST	53	63359	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:26.301366091 CEST	55240	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:26.316232920 CEST	53	55240	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:31.598659992 CEST	64392	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:31.618884087 CEST	53	64392	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:37.949116945 CEST	54170	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:37.958334923 CEST	53	54170	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:44.239083052 CEST	61917	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:44.295150042 CEST	53	61917	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:49.582858086 CEST	61006	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:49.602224112 CEST	53	61006	1.1.1.1	192.168.2.5
Oct 24, 2024 14:02:56.910902977 CEST	62272	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:02:56.921458006 CEST	53	62272	1.1.1.1	192.168.2.5
Oct 24, 2024 14:03:03.207484007 CEST	50265	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:03:03.227916002 CEST	53	50265	1.1.1.1	192.168.2.5
Oct 24, 2024 14:03:08.504594088 CEST	57946	53	192.168.2.5	1.1.1.1
Oct 24, 2024 14:03:08.519525051 CEST	53	57946	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 14:01:04.342037916 CEST	192.168.2.5	1.1.1.1	0x8127	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:09.645318031 CEST	192.168.2.5	1.1.1.1	0xb746	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:16.988848925 CEST	192.168.2.5	1.1.1.1	0x6eac	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:24.285785913 CEST	192.168.2.5	1.1.1.1	0x1a3c	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:29.573539019 CEST	192.168.2.5	1.1.1.1	0xee6	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:34.879230976 CEST	192.168.2.5	1.1.1.1	0x23b5	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:41.182208061 CEST	192.168.2.5	1.1.1.1	0x8952	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:47.473110914 CEST	192.168.2.5	1.1.1.1	0xddee	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:54.801597118 CEST	192.168.2.5	1.1.1.1	0x469c	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:01.082703114 CEST	192.168.2.5	1.1.1.1	0xf900	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:08.395431042 CEST	192.168.2.5	1.1.1.1	0x3391	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:14.707554102 CEST	192.168.2.5	1.1.1.1	0x1882	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:20.004281044 CEST	192.168.2.5	1.1.1.1	0x299e	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:26.301366091 CEST	192.168.2.5	1.1.1.1	0x70e3	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:31.598659992 CEST	192.168.2.5	1.1.1.1	0x4ef2	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:37.949116945 CEST	192.168.2.5	1.1.1.1	0x5bfe	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:44.239083052 CEST	192.168.2.5	1.1.1.1	0x9e57	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:49.582858086 CEST	192.168.2.5	1.1.1.1	0x6e76	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:56.910902977 CEST	192.168.2.5	1.1.1.1	0x5e6e	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:03:03.207484007 CEST	192.168.2.5	1.1.1.1	0xf814	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:03:08.504594088 CEST	192.168.2.5	1.1.1.1	0x4fcd	Standard query (0)	test.local	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 14:01:04.362385035 CEST	1.1.1.1	192.168.2.5	0x8127	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:09.661808014 CEST	1.1.1.1	192.168.2.5	0xb746	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:17.006412029 CEST	1.1.1.1	192.168.2.5	0x6eac	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:24.302048922 CEST	1.1.1.1	192.168.2.5	0x1a3c	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:29.596497059 CEST	1.1.1.1	192.168.2.5	0xee6	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:34.894761086 CEST	1.1.1.1	192.168.2.5	0x23b5	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:41.202203989 CEST	1.1.1.1	192.168.2.5	0x8952	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:47.493735075 CEST	1.1.1.1	192.168.2.5	0xddee	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:01:54.819048882 CEST	1.1.1.1	192.168.2.5	0x469c	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:01.098156929 CEST	1.1.1.1	192.168.2.5	0xf900	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:08.409926891 CEST	1.1.1.1	192.168.2.5	0x3391	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:14.717598915 CEST	1.1.1.1	192.168.2.5	0x1882	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:20.012351990 CEST	1.1.1.1	192.168.2.5	0x299e	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:26.316232920 CEST	1.1.1.1	192.168.2.5	0x70e3	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:31.618884087 CEST	1.1.1.1	192.168.2.5	0x4ef2	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:37.958334923 CEST	1.1.1.1	192.168.2.5	0x5bfe	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:44.295150042 CEST	1.1.1.1	192.168.2.5	0x9e57	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:49.602224112 CEST	1.1.1.1	192.168.2.5	0x6e76	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:02:56.921458006 CEST	1.1.1.1	192.168.2.5	0x5e6e	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:03:03.227916002 CEST	1.1.1.1	192.168.2.5	0xf814	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 14:03:08.519525051 CEST	1.1.1.1	192.168.2.5	0x4fcd	Name error (3)	test.local	none	none	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	08:01:03
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\5BL9UfLKF4.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\5BL9UfLKF4.exe"
Imagebase:	0x140000000
File size:	2'883'072 bytes
MD5 hash:	68B4368AD5D5125699F132BD7332AD5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0.2%
Signature Coverage:	40.8%
Total number of Nodes:	546
Total number of Limit Nodes:	34

Executed Functions

Function 0000000140178120 Relevance: 135.2, APIs: 48, Strings: 29, Instructions: 482
libraryloadermemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140178179
LoadLibraryW.KERNEL32 ref: 0000000140178189
LoadLibraryW.KERNEL32 ref: 000000014017819B
GetProcAddress.KERNEL32 ref: 00000001401781BC
GetProcAddress.KERNEL32 ref: 00000001401781CF
NetStatisticsGet.NETAPI32(?,?,?,0000000140139D24), ref: 00000001401781FF
NetStatisticsGet.NETAPI32(?,?,?,0000000140139D24), ref: 000000014017823E
FreeLibrary.KERNEL32 ref: 000000014017826A
GetProcAddress.KERNEL32 ref: 000000014017827F
GetProcAddress.KERNEL32 ref: 0000000140178292
GetProcAddress.KERNEL32 ref: 00000001401782A5
FreeLibrary.KERNEL32 ref: 00000001401783A9
LoadLibraryW.KERNEL32 ref: 00000001401783C3
GetProcAddress.KERNEL32 ref: 00000001401783DF
GetProcAddress.KERNEL32 ref: 00000001401783F2
GetProcAddress.KERNEL32 ref: 0000000140178405
FreeLibrary.KERNEL32 ref: 0000000140178493
GetProcAddress.KERNEL32 ref: 00000001401784B5
GetProcAddress.KERNEL32 ref: 00000001401784C8
GetProcAddress.KERNEL32 ref: 00000001401784E0
GetProcAddress.KERNEL32 ref: 00000001401784F5
GetProcAddress.KERNEL32 ref: 0000000140178510
GetProcAddress.KERNEL32 ref: 0000000140178523
GetProcAddress.KERNEL32 ref: 0000000140178540
GetProcAddress.KERNEL32 ref: 000000014017855A
GetProcAddress.KERNEL32 ref: 0000000140178574
GetProcAddress.KERNEL32 ref: 000000014017858E
GetProcAddress.KERNEL32 ref: 00000001401785A8
GetProcAddress.KERNEL32 ref: 00000001401785BF
CreateToolhelp32Snapshot.KERNEL32(?,?,?,0000000140139D24), ref: 0000000140178650
GetTickCount.KERNEL32 ref: 0000000140178690
Heap32ListFirst.KERNEL32 ref: 00000001401786A7
Heap32First.KERNEL32 ref: 0000000140178735
Heap32Next.KERNEL32 ref: 0000000140178765
GetTickCount.KERNEL32 ref: 0000000140178770
Heap32ListNext.KERNEL32 ref: 00000001401787C7
GetTickCount.KERNEL32 ref: 00000001401787D7
GetTickCount.KERNEL32 ref: 0000000140178807
Process32First.KERNEL32 ref: 000000014017881A
GetTickCount.KERNEL32 ref: 000000014017885E
GetTickCount.KERNEL32 ref: 000000014017887D
FreeLibrary.KERNEL32 ref: 0000000140178980
GlobalMemoryStatus.KERNEL32 ref: 0000000140178993
GetCurrentProcessId.KERNEL32 ref: 00000001401789B3

Strings

Heap32Next, xrefs: 00000001401784EB
CryptAcquireContextW, xrefs: 0000000140178275
LanmanWorkstation, xrefs: 00000001401781F6
KERNEL32.DLL, xrefs: 0000000140178182
NetStatisticsGet, xrefs: 00000001401781B2
CryptGenRandom, xrefs: 0000000140178288
GetForegroundWindow, xrefs: 00000001401783D5
Heap32First, xrefs: 00000001401784D6
CloseToolhelp32Snapshot, xrefs: 00000001401784BE
Module32First, xrefs: 000000014017859C
Thread32First, xrefs: 0000000140178568
Thread32Next, xrefs: 0000000140178582
NetApiBufferFree, xrefs: 00000001401781C5
Heap32ListNext, xrefs: 0000000140178519
Process32First, xrefs: 0000000140178534
, xrefs: 0000000140178680
GetCursorInfo, xrefs: 00000001401783E8
Intel Hardware Cryptographic Service Provider, xrefs: 0000000140178337
USER32.DLL, xrefs: 00000001401783BC
CryptReleaseContext, xrefs: 000000014017829B
CreateToolhelp32Snapshot, xrefs: 00000001401784AB
NETAPI32.DLL, xrefs: 0000000140178194
8, xrefs: 0000000140178712
LanmanServer, xrefs: 0000000140178235
GetQueueStatus, xrefs: 00000001401783FB
ADVAPI32.DLL, xrefs: 0000000140178172
Module32Next, xrefs: 00000001401785B3
Heap32ListFirst, xrefs: 0000000140178506
Process32Next, xrefs: 000000014017854E

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: AddressProc$Library$CountTick$FreeHeap32Load$First$ListNextStatistics$CreateCurrentGlobalMemoryProcessProcess32SnapshotStatusToolhelp32
String ID: $8$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
API String ID: 2857262387-3355579026
Opcode ID: 7b9cf4b1b85eb4f68d6c7ac4d3fb3aff7cb55ea4619f5ba740fb30fbe50c4049
Instruction ID: 45b83d6683cd265badd8ffbec4ee73ab4b2027f4a0333e194734f22476d4e9bb
Opcode Fuzzy Hash: 7b9cf4b1b85eb4f68d6c7ac4d3fb3aff7cb55ea4619f5ba740fb30fbe50c4049
Instruction Fuzzy Hash: C9322F36259B8182EB62DB27E8447DA73A5FB8CB80F544216EF8A437B4DF78C549C740

Function 0000000140015E4C Relevance: 21.6, APIs: 10, Strings: 1, Instructions: 2397processsynchronizationnetworkCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32 ref: 000000014001764B
GetCurrentProcessId.KERNEL32 ref: 0000000140017A1D

Part of subcall function 000000014000D818: __std_exception_destroy.LIBVCRUNTIME ref: 000000014000DD47

CreateProcessA.KERNEL32 ref: 000000014001885A
WaitForSingleObject.KERNEL32 ref: 00000001400188A1
CloseHandle.KERNEL32 ref: 00000001400188BD
CloseHandle.KERNEL32 ref: 00000001400188CA
WSACleanup.WS2_32 ref: 0000000140018AE4
DeleteCriticalSection.KERNEL32 ref: 0000000140018B7B
__tlregdtor.LIBCMT ref: 0000000140018BD9
__tlregdtor.LIBCMT ref: 0000000140018C15

Strings

|{W7^Z=, xrefs: 0000000140017ED2

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CloseHandleProcess__tlregdtor$CleanupCreateCriticalCurrentDeleteFileModuleNameObjectSectionSingleWait__std_exception_destroy
String ID: |{W7^Z=
API String ID: 4232746382-1318105493
Opcode ID: c3a6cb68ec4134e8421f17c0da25f04b4bc1da5ab05e0136782251f7c9d30dc2
Instruction ID: e6b732edf7675d0acec285336ca9eb570a6f67694fc5b078e26e9d796999d4af
Opcode Fuzzy Hash: c3a6cb68ec4134e8421f17c0da25f04b4bc1da5ab05e0136782251f7c9d30dc2
Instruction Fuzzy Hash: 213303B6B00B8086FB0ACBA7E859BE937A1A75DBD4F045126EF1D573B5DA7CC1418B00

Function 0000000140139AA0 Relevance: 14.1, Strings: 11, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.\crypto\rand\md_rand.c, xrefs: 0000000140139CB8
.\crypto\rand\md_rand.c, xrefs: 0000000140139E26
.\crypto\rand\md_rand.c, xrefs: 000000014013A100
.\crypto\rand\md_rand.c, xrefs: 000000014013A18D
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html, xrefs: 000000014013A19F
gfff, xrefs: 0000000140139C93
.\crypto\rand\md_rand.c, xrefs: 000000014013A153
...................., xrefs: 0000000140139D93
.\crypto\rand\md_rand.c, xrefs: 0000000140139CCF
.\crypto\rand\md_rand.c, xrefs: 0000000140139CF6
.\crypto\rand\md_rand.c, xrefs: 000000014013A1BD

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: ....................$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html$gfff
API String ID: 0-2212194600
Opcode ID: af3defd02626fe9b91dd3f428e925fe94fe727e342ebd9a09665b419132212e0
Instruction ID: aab4a8721e91d5e1c5bb9fc1dbd1c87046ea92a286197f4cbefc20aad2f62552
Opcode Fuzzy Hash: af3defd02626fe9b91dd3f428e925fe94fe727e342ebd9a09665b419132212e0
Instruction Fuzzy Hash: 28F1F032704A9059FB17DB37D8107ED3BA1A70CB88F840126DB599BAE6EA7DC54BC740

Function 00000001400011E6 Relevance: 13.0, APIs: 8, Instructions: 990
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd1bc887088722a0ab3e522326761b0973afaa485d68479d3ddb491d7a48c8f2
Instruction ID: 1d9fd5699516c5df493cdbcab50d1ae29b0b52c3d97f2df79957dc3d133d9a7b
Opcode Fuzzy Hash: dd1bc887088722a0ab3e522326761b0973afaa485d68479d3ddb491d7a48c8f2
Instruction Fuzzy Hash: F1A2C1B1B01A4482EF0ACBA7F869BE677A5A79CBC4F005026DF1E573B5DABCC5518340

Function 0000000140139AC0 Relevance: 12.9, Strings: 10, Instructions: 376
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.\crypto\rand\md_rand.c, xrefs: 0000000140139CB8
.\crypto\rand\md_rand.c, xrefs: 0000000140139E26
.\crypto\rand\md_rand.c, xrefs: 000000014013A100
.\crypto\rand\md_rand.c, xrefs: 000000014013A18D
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html, xrefs: 000000014013A19F
gfff, xrefs: 0000000140139C93
.\crypto\rand\md_rand.c, xrefs: 000000014013A153
...................., xrefs: 0000000140139D93
.\crypto\rand\md_rand.c, xrefs: 0000000140139CCF
.\crypto\rand\md_rand.c, xrefs: 0000000140139CF6

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: ....................$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$.\crypto\rand\md_rand.c$You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html$gfff
API String ID: 0-3860068229
Opcode ID: 7e775fa85225b12a715f330805ce817a30149904e5b15fe38430ee43ca9de702
Instruction ID: 67b3099dc2fb6bf744e36a1c4ac6d3ff289d89d67a0bb2ebb7b1a5016b25cbbb
Opcode Fuzzy Hash: 7e775fa85225b12a715f330805ce817a30149904e5b15fe38430ee43ca9de702
Instruction Fuzzy Hash: B7F10132704A9058FB17DB36D8107ED3BB1A70CB88F840126DB595BAE6EA7DC54BC700

Function 00000001400016B8 Relevance: 12.7, APIs: 8, Instructions: 743
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400019DA
WideCharToMultiByte.KERNEL32 ref: 0000000140001CA2

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: bbd20068c844946be9ca1ad0c154d16049b037c88f59d69a27a5b18c4913a417
Instruction ID: de2ad73fa64863ab10b9dd6c4b1f862a82e49aa4191f487cc8cfd40cf0a0e439
Opcode Fuzzy Hash: bbd20068c844946be9ca1ad0c154d16049b037c88f59d69a27a5b18c4913a417
Instruction Fuzzy Hash: 5F72D2F1B00A4482EB0ACBA7F869BE677A1A79CBC4F005016DF4E577B5DABCC5918340

Function 0000000140001836 Relevance: 12.7, APIs: 8, Instructions: 700
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400019DA
WideCharToMultiByte.KERNEL32 ref: 0000000140001CA2

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: c76ea03f335d1dae144c6365d5ddd303051fafcc24ed026f13605434ca9d2035
Instruction ID: 790a66e41c7ff952a568f8347ab93f18980377ea5bfee1603c05c7d33a5d5ecd
Opcode Fuzzy Hash: c76ea03f335d1dae144c6365d5ddd303051fafcc24ed026f13605434ca9d2035
Instruction Fuzzy Hash: 3372E3F5B00A4482EB0ACBA7F869BE677A1A79CBC4F005026DF4E577B5DABCC5518340

Function 0000000140001002 Relevance: 11.3, APIs: 7, Instructions: 782
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000000140076A24: GetUserNameW.ADVAPI32 ref: 0000000140076B4B

__tlregdtor.LIBCMT ref: 0000000140002773

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: NameUser__tlregdtor
String ID:
API String ID: 3813061616-0
Opcode ID: de3c2b7b8c94b2672832195fe9bdcfdeac2a87f3394244b71c6552111b546a40
Instruction ID: 9a07ee4da818ef7683a40e0368ce0afc671009bc1d602244dbdae262c3d7790d
Opcode Fuzzy Hash: de3c2b7b8c94b2672832195fe9bdcfdeac2a87f3394244b71c6552111b546a40
Instruction Fuzzy Hash: 4D82B3B1B10B4482EB0ACB67F869BE677A5A79CBC4F005026DF5E573B5DABCC1918340

Function 000000014007792F Relevance: 5.9, APIs: 3, Instructions: 1414
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__tlregdtor.LIBCMT ref: 000000014007934E
__tlregdtor.LIBCMT ref: 0000000140079381
__tlregdtor.LIBCMT ref: 00000001400793B4

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __tlregdtor
String ID:
API String ID: 1373327856-0
Opcode ID: d0821923de0749a58d2dae267cce24f3cfca50596c98337e0503b33d50ce03de
Instruction ID: d3f1352e7d57d7b52e975a579eba9e14f04710bb922e269df5ae257ea90edd7c
Opcode Fuzzy Hash: d0821923de0749a58d2dae267cce24f3cfca50596c98337e0503b33d50ce03de
Instruction Fuzzy Hash: 81E2AFB2B00A4486EB0ACB67E89A7E977A4A35DBD4F005116EF19477B6DE78C191CB00

Function 00000001400810AC Relevance: 5.1, APIs: 3, Instructions: 590
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASetLastError.WS2_32 ref: 0000000140081304
getaddrinfo.WS2_32 ref: 0000000140081319
freeaddrinfo.WS2_32 ref: 0000000140081BD4

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLastfreeaddrinfogetaddrinfo
String ID:
API String ID: 1817844550-0
Opcode ID: 5f98f1503a413b367c0a1ab3dd0ccf8d2eab6a573cc75961306e742b77efd576
Instruction ID: 232670577ab4a057394e773053d3e5666bb38d9ef9d0b3d1a6da5bb050d3337e
Opcode Fuzzy Hash: 5f98f1503a413b367c0a1ab3dd0ccf8d2eab6a573cc75961306e742b77efd576
Instruction Fuzzy Hash: 6842E5B6B1064086EF0A8BA7E859BE57765B79DBC0F005026EF1E577B5DEBCC1818B00

Function 0000000140008684 Relevance: 1.8, APIs: 1, Instructions: 319COMMONLIBRARYCODE

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140008AB7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 4c6b2ecf92db35f5daeb2ec1955b03c7b4b02e245513d1f1795f2a36c36f84a5
Instruction ID: ac51a4c0a5b6273ba78f0e2c711f650048d5e226c509dcbb5505a9fb0bf60495
Opcode Fuzzy Hash: 4c6b2ecf92db35f5daeb2ec1955b03c7b4b02e245513d1f1795f2a36c36f84a5
Instruction Fuzzy Hash: D8D123B1B0061182EE19EBA7F85A7E9AB64B75DBD0F40A126EF1D573F5DA78C1428300

Function 0000000140076A24 Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 0000000140076B4B

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 70234d992200bef5ede8c399ecbd929ec39c4057eb272f14791b578df6667ee4
Instruction ID: d845ed1608fcc8468cd50669a00e0001ba137e564439ff5f5f1b053f8599c79f
Opcode Fuzzy Hash: 70234d992200bef5ede8c399ecbd929ec39c4057eb272f14791b578df6667ee4
Instruction Fuzzy Hash: 5251E7B270024096E71E9B67EC5A7F573A5AB5C7D4F0490269B1A877F1EF7CC0828B00

Function 0000000140014F93 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8104e3a8aaf5cb4251fc5d5a8f30a9772a39b0581a234b60f7d029b95c50c36
Instruction ID: 73bfca6926b1f0fae71acb6f4426199c7d7fc8ac1e20c96019a951f8b2c3cc02
Opcode Fuzzy Hash: a8104e3a8aaf5cb4251fc5d5a8f30a9772a39b0581a234b60f7d029b95c50c36
Instruction Fuzzy Hash: 9541F232B10B9086F7168B36E945BEA77A1F79A390F009211DB99037F6CF7891A2C350

Function 00000001400155EB Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: cd397200433f6aca7d4c64f1d3bf84d85ab02916d51e859c21db3ac032e18084
Instruction ID: 7554c43817d4a437e26627f3d1e84c16ddc347c1ca05a24238ef69a3fd338e4f
Opcode Fuzzy Hash: cd397200433f6aca7d4c64f1d3bf84d85ab02916d51e859c21db3ac032e18084
Instruction Fuzzy Hash: 9F51D2B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 00000001400155F9 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 5856195f7984939d8c7f55110881d87bb5d237edd4bb82879b2808e065f8f091
Instruction ID: e7b522f8456e394c76c875634a8d6002ed15abfb222172f1ba9206ffe13f2109
Opcode Fuzzy Hash: 5856195f7984939d8c7f55110881d87bb5d237edd4bb82879b2808e065f8f091
Instruction Fuzzy Hash: 4951E3B2B0060081FF0ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 0000000140015607 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: b4281ec46ff9f99640f7b9c78d79810c8d5485f793fe4f8be7550efdad7024cd
Instruction ID: 2c9ffc6c95426bb7bbb8c44e4a9bc6cba706171fa14629244cf1670ae5efc2de
Opcode Fuzzy Hash: b4281ec46ff9f99640f7b9c78d79810c8d5485f793fe4f8be7550efdad7024cd
Instruction Fuzzy Hash: DD51D3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 0000000140015615 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 97d8d2fb6b2044ed749a2d0890ae284177d393640c5fe1400851c4fd9184d4aa
Instruction ID: 4f08b77fe39e3a7e90a535de1bdfb08ed6575ebfbfae793d26b2289335c78156
Opcode Fuzzy Hash: 97d8d2fb6b2044ed749a2d0890ae284177d393640c5fe1400851c4fd9184d4aa
Instruction Fuzzy Hash: BF51E3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 0000000140015623 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 39cd1cf59f275675a15ee4e4aef6212b51edd81c8d08e6cdbae4e95f01136120
Instruction ID: 81a4c933dd4e5174f0029878c97d91a403991f370b51bde4c704c3c5d2b52829
Opcode Fuzzy Hash: 39cd1cf59f275675a15ee4e4aef6212b51edd81c8d08e6cdbae4e95f01136120
Instruction Fuzzy Hash: 7151D2B2B0060081FF1ADB67F99ABE96365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 0000000140015631 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: b26a55ecae568122d3093234b11c7c680dec2bcb97eb8323634b2d5bf74acd5d
Instruction ID: 0b2244c420b313122b7b962d7f53e9e900f8d5012f5529163ca9e937ceac45c0
Opcode Fuzzy Hash: b26a55ecae568122d3093234b11c7c680dec2bcb97eb8323634b2d5bf74acd5d
Instruction Fuzzy Hash: 5451D2B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5BBB5DABCC1918340

Function 000000014001563F Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 71a1c2008bd7029a4a9e26faef1bfeb1af58e52855843ab3f25ba4464aba2202
Instruction ID: a40a4e236c0d64409b5295841ac3346c2506bd51f134ff05b532bd71c7d1a9b6
Opcode Fuzzy Hash: 71a1c2008bd7029a4a9e26faef1bfeb1af58e52855843ab3f25ba4464aba2202
Instruction Fuzzy Hash: 7851D2B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 000000014001564D Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 9bfa69823f0063d34bbb15fb5f30bc53d06a6272afd3711c3c3500800cbc137c
Instruction ID: faa5b74b43951306df4ee357b430d78ba2d1a2d3064ec8668f36458de4fc67a6
Opcode Fuzzy Hash: 9bfa69823f0063d34bbb15fb5f30bc53d06a6272afd3711c3c3500800cbc137c
Instruction Fuzzy Hash: F251D3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 000000014001565B Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 2c86ccbc9c72fe92dc7e7fba36906f64c05e2ee16f968495eca6236677c28bc2
Instruction ID: 385a4f370b9dd41ff893a5bfd61f728697c2bbb16178d0ce803f32fecaf8075a
Opcode Fuzzy Hash: 2c86ccbc9c72fe92dc7e7fba36906f64c05e2ee16f968495eca6236677c28bc2
Instruction Fuzzy Hash: B951D3B2B0060081FF1ADB67F99ABE96365AB5C7C4F049412DF1E5BBB5DABCC1918340

Function 0000000140015669 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 5856195f7984939d8c7f55110881d87bb5d237edd4bb82879b2808e065f8f091
Instruction ID: e85bc5178b08f0dd6ce3b2bfbe3d64718ad718ddf537cbe557988696183e61bc
Opcode Fuzzy Hash: 5856195f7984939d8c7f55110881d87bb5d237edd4bb82879b2808e065f8f091
Instruction Fuzzy Hash: F551E3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 00000001400156D0 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: bb8a7df1ef3be9e51f6d63d2073400bd514cb3060ff214af43a512e429f6a41f
Instruction ID: d5aa4804ee30b0479f975e723b5c1c0352a2be176e8dea52e8b4b298da43736e
Opcode Fuzzy Hash: bb8a7df1ef3be9e51f6d63d2073400bd514cb3060ff214af43a512e429f6a41f
Instruction Fuzzy Hash: 6751E3B2B0060081FF0ADB67F99ABE56365AB5C7C4F049412DF1E5BBB5DABCC1918340

Function 00000001400156DE Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 0cacd793883a4a5522fae21c2cd4f49cc69a1a8f3e36a5805f9c1c1fadc0c262
Instruction ID: 515e5e38915f7ae2c887f1ecedca92cd2ee395deb7fdf9e714434e44fb56515e
Opcode Fuzzy Hash: 0cacd793883a4a5522fae21c2cd4f49cc69a1a8f3e36a5805f9c1c1fadc0c262
Instruction Fuzzy Hash: 1F51D3B2B0060081FF1ADB67F99ABE96365AB5C7C4F049412DF1E5BBB5DABCC1918340

Function 000000014001574B Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: c1f7ada0e883f141b8fde4b4dfbe3e1213e4e8618490a940bb4e64d32ae093bf
Instruction ID: 404f1f455e979c2417b2d5019bd1a145c93d02ccbe1a2cb0c0366ec55be71d25
Opcode Fuzzy Hash: c1f7ada0e883f141b8fde4b4dfbe3e1213e4e8618490a940bb4e64d32ae093bf
Instruction Fuzzy Hash: 4E51D3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 0000000140015759 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 96b507f1615d4c1cf2861a463512f1838817a3b34118d10af874fb9611fc2e5e
Instruction ID: 7f3dcb7f3d113ff95b42ef1297032656bfe8e2e22640a73c02eb16d60e1fcd70
Opcode Fuzzy Hash: 96b507f1615d4c1cf2861a463512f1838817a3b34118d10af874fb9611fc2e5e
Instruction Fuzzy Hash: 7F51D3B2B0060081FF1ADB67F99ABE56365AB5C7C4F049412DF1E5B7B5DABCC1918340

Function 00000001400157E0 Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140015AD7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 31435540b9fc355420930b2ef6a255f9be8ad27209518ac65697a7c507b1d5e7
Instruction ID: fb7ccf0d5184e634063818f1ac7c9032da3fe6549a710c5aeac9aed5f4972c51
Opcode Fuzzy Hash: 31435540b9fc355420930b2ef6a255f9be8ad27209518ac65697a7c507b1d5e7
Instruction Fuzzy Hash: 9B51E3B2B0060081FF0ADB67F999BE56365AB5C7C4F04A412DF1E5BBB5DABCC1918340

Function 000000014000853C Relevance: 1.6, APIs: 1, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00000001400085B3

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: 557a4345bf138ba88ff9b3febdcdb3ce4909f19a79a19a8d4a43576e87cc3afc
Instruction ID: ed2daad39be11a53fe2f1fe0b729059af6c337039c8f71ae1b2356c495d314e0
Opcode Fuzzy Hash: 557a4345bf138ba88ff9b3febdcdb3ce4909f19a79a19a8d4a43576e87cc3afc
Instruction Fuzzy Hash: 8C214872701A4186EA66DF2BFC957E93770A7987A0F909216AF8A473F1DE78C4818704

Function 000000014001294F Relevance: 1.5, APIs: 1, Instructions: 39networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00000001400129D7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 32c0797ef3d955d9ea089b89863efd9e5083ebe5dbdea8e746002c49809da2e6
Instruction ID: c5a26296cca6ca71f10ba46741ada90364e120ea5069d958f7777395a89b144d
Opcode Fuzzy Hash: 32c0797ef3d955d9ea089b89863efd9e5083ebe5dbdea8e746002c49809da2e6
Instruction Fuzzy Hash: FC015271B211108AFB5A9B37DC57FF432A0A7597A0F040169FB258B3F1D97C9551DA04

Function 00000001401BC814 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00000001401BC869

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: a7a520d82191c1886abd4491c2517cf7f0f7ccbeca8f6fa5f1c3d5758e04cf27
Instruction ID: b31a5d1a827faf2e93c596ddfd614da5ea4f5170ad805f602b457a1b1934e7ef
Opcode Fuzzy Hash: a7a520d82191c1886abd4491c2517cf7f0f7ccbeca8f6fa5f1c3d5758e04cf27
Instruction Fuzzy Hash: 66F09A34321B8481FE9B6BA399403E512F51B9DF80F0C80354B1A8A3F2EF7CC9A18220

Function 00000001401BA51C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00000001401BA55A

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 1367fe6806686e4fad88bac123ea24838e6a30b635dd2dd1d95b2bcb6922bbc0
Instruction ID: 60d24be54c2568f853ea1faa84eb3f64a6e10152515005b50940b4e82e81565c
Opcode Fuzzy Hash: 1367fe6806686e4fad88bac123ea24838e6a30b635dd2dd1d95b2bcb6922bbc0
Instruction Fuzzy Hash: 7DF01C70701A4445FE769B6368517E961E45B8CFB0F8846216F278A3E6DB7CC6918620

Non-executed Functions

Function 00000001401A6554 Relevance: 47.4, APIs: 23, Strings: 3, Instructions: 1875COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00000001401A728C
memcpy_s.LIBCPMT ref: 00000001401A74CC
memcpy_s.LIBCPMT ref: 00000001401A781C
memcpy_s.LIBCPMT ref: 00000001401A7857
memcpy_s.LIBCPMT ref: 00000001401A78F1
memcpy_s.LIBCPMT ref: 00000001401A7A0B
memcpy_s.LIBCPMT ref: 00000001401A7AB6
memcpy_s.LIBCPMT ref: 00000001401A7B01
memcpy_s.LIBCPMT ref: 00000001401A7BCE
memcpy_s.LIBCPMT ref: 00000001401A7D57
memcpy_s.LIBCPMT ref: 00000001401A7DCE
memcpy_s.LIBCPMT ref: 00000001401A7E13
memcpy_s.LIBCPMT ref: 00000001401A7EC5
memcpy_s.LIBCPMT ref: 00000001401A7FF2
memcpy_s.LIBCPMT ref: 00000001401A7326

Part of subcall function 00000001401A5A14: _invalid_parameter_noinfo.LIBCMT ref: 00000001401A5A46

memcpy_s.LIBCPMT ref: 00000001401A7729
memcpy_s.LIBCPMT ref: 00000001401A81C2

Strings

, xrefs: 00000001401A7F72
MZx, xrefs: 00000001401A6587, 00000001401A6789, 00000001401A6B04, 00000001401A6BC9, 00000001401A6C80, 00000001401A6CCC, 00000001401A7068, 00000001401A7392, 00000001401A73C7, 00000001401A776A, 00000001401A7967, 00000001401A799C, 00000001401A7D9A
, xrefs: 00000001401A809F

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: memcpy_s$_invalid_parameter_noinfo
String ID: $ $MZx
API String ID: 2880407647-1186325740
Opcode ID: 4e555fd7d505f8ce52228e480e677a67f200d1fd64c38e2e08a1116b34b71dce
Instruction ID: 8b1f863cf0479316226b97b02b850c72053b4bd0412b7437d84c40544c9e80cf
Opcode Fuzzy Hash: 4e555fd7d505f8ce52228e480e677a67f200d1fd64c38e2e08a1116b34b71dce
Instruction Fuzzy Hash: 4C0390B22102C18BE77ACE26D944BE937E5F398B8CF445115EB065BBA9D734CA84CF40

Function 000000014010E6A0 Relevance: 34.1, Strings: 27, Instructions: 389COMMON

Download Yara Rule

Strings

.\crypto\ec\ec_asn1.c, xrefs: 000000014010E975
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EC48
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EB70
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EBAC
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E753
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E88F
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E789
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EC1C
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E932
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E824
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EA97
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E9CA
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EB48
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E9A7
.\crypto\ec\ec_asn1.c, xrefs: 000000014010ECA4
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E7CC
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EA08
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EC31
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EA43
.\crypto\ec\ec_asn1.c, xrefs: 000000014010ECB5
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EC76
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EBFB
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E7F3
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EC8D
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E861
.\crypto\ec\ec_asn1.c, xrefs: 000000014010E95D
.\crypto\ec\ec_asn1.c, xrefs: 000000014010EA6F

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c$.\crypto\ec\ec_asn1.c
API String ID: 0-3819944033
Opcode ID: 07dbfd967ada513bc99187cca1fcff5326652e5cde21ff6e097a1f5b4ec2d2e9
Instruction ID: 0dc71b462c61ceb0690a75b83eabaf75eeb4ccad793a65465c08df5b510ee45a
Opcode Fuzzy Hash: 07dbfd967ada513bc99187cca1fcff5326652e5cde21ff6e097a1f5b4ec2d2e9
Instruction Fuzzy Hash: CA0269B230464486FA26DF13D594BEA67E0F78CF84F44892AEB8D47BA1DB79C944C740

Function 00000001400E27F0 Relevance: 30.7, Strings: 24, Instructions: 734COMMON

Download Yara Rule

Strings

.\ssl\s3_srvr.c, xrefs: 00000001400E2BBE
.\ssl\s3_srvr.c, xrefs: 00000001400E3380
.\ssl\s3_srvr.c, xrefs: 00000001400E2A14
.\ssl\s3_srvr.c, xrefs: 00000001400E2BFE
.\ssl\s3_srvr.c, xrefs: 00000001400E33AE
.\ssl\s3_srvr.c, xrefs: 00000001400E2EA7
.\ssl\s3_srvr.c, xrefs: 00000001400E327F
.\ssl\s3_srvr.c, xrefs: 00000001400E2D1B
.\ssl\s3_srvr.c, xrefs: 00000001400E2975
.\ssl\s3_srvr.c, xrefs: 00000001400E2ABE
.\ssl\s3_srvr.c, xrefs: 00000001400E2B5C
.\ssl\s3_srvr.c, xrefs: 00000001400E335D
.\ssl\s3_srvr.c, xrefs: 00000001400E3371
.\ssl\s3_srvr.c, xrefs: 00000001400E29D3
.\ssl\s3_srvr.c, xrefs: 00000001400E2AF4
.\ssl\s3_srvr.c, xrefs: 00000001400E2C51
.\ssl\s3_srvr.c, xrefs: 00000001400E2A54
.\ssl\s3_srvr.c, xrefs: 00000001400E2CB2
.\ssl\s3_srvr.c, xrefs: 00000001400E299F
.\ssl\s3_srvr.c, xrefs: 00000001400E2CF9
.\ssl\s3_srvr.c, xrefs: 00000001400E321F
.\ssl\s3_srvr.c, xrefs: 00000001400E28CE
.\ssl\s3_srvr.c, xrefs: 00000001400E291A
.\ssl\s3_srvr.c, xrefs: 00000001400E3177

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c$.\ssl\s3_srvr.c
API String ID: 0-391739600
Opcode ID: 9570a432e838f7672fb7559151c37d5e20be5729ba86f91d36c7d85c4d9e4f9d
Instruction ID: 7dda97c1abaf183e5f9831fab307fef0de2a4f80b4348c94ddd65fbb7e2335e0
Opcode Fuzzy Hash: 9570a432e838f7672fb7559151c37d5e20be5729ba86f91d36c7d85c4d9e4f9d
Instruction Fuzzy Hash: D172AA7231968086FB66CB26D4447EE27A1F78CBD8F444025EF8E67BA5DB39C905C780

Function 0000000140152480 Relevance: 21.8, Strings: 17, Instructions: 537COMMON

Download Yara Rule

Strings

.\crypto\conf\conf_def.c, xrefs: 0000000140152572
.\crypto\conf\conf_def.c, xrefs: 0000000140152556
.\crypto\conf\conf_def.c, xrefs: 0000000140152A6E
.\crypto\conf\conf_def.c, xrefs: 0000000140152524
.\crypto\conf\conf_def.c, xrefs: 000000014015295A
.\crypto\conf\conf_def.c, xrefs: 0000000140152C38
%ld, xrefs: 0000000140152AB8
.\crypto\conf\conf_def.c, xrefs: 0000000140152C4E
.\crypto\conf\conf_def.c, xrefs: 00000001401529A6
.\crypto\conf\conf_def.c, xrefs: 0000000140152BE7
.\crypto\conf\conf_def.c, xrefs: 0000000140152C27
.\crypto\conf\conf_def.c, xrefs: 00000001401524E0
.\crypto\conf\conf_def.c, xrefs: 0000000140152BA0
default, xrefs: 0000000140152503
line , xrefs: 0000000140152AD8
.\crypto\conf\conf_def.c, xrefs: 0000000140152C07
.\crypto\conf\conf_def.c, xrefs: 00000001401527EE

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: %ld$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$.\crypto\conf\conf_def.c$default$line
API String ID: 0-2517109697
Opcode ID: ca5dc48d8556000b08b7d2956d3a54e1a77d5e6acb7593704cdced113736ebd0
Instruction ID: c9f618f280e028c9320a00228112e23a7adc430ed0fc9288dfa9645cb15c8872
Opcode Fuzzy Hash: ca5dc48d8556000b08b7d2956d3a54e1a77d5e6acb7593704cdced113736ebd0
Instruction Fuzzy Hash: 5E22EE732046A486EB678B2390547ED7BE0AB5AF84F4C4415EF8A0B7E6EB7EC545C700

Function 0000000140136430 Relevance: 19.2, Strings: 15, Instructions: 439COMMON

Download Yara Rule

Strings

IV block, xrefs: 00000001401369F7
.\ssl\t1_enc.c, xrefs: 0000000140136B8C
.\ssl\t1_enc.c, xrefs: 00000001401365AD
client write key, xrefs: 0000000140136836
, xrefs: 0000000140136A4D
.\ssl\t1_enc.c, xrefs: 0000000140136BF0
.\ssl\t1_enc.c, xrefs: 0000000140136B15
.\ssl\t1_enc.c, xrefs: 0000000140136501
server write key, xrefs: 0000000140136810
.\ssl\t1_enc.c, xrefs: 0000000140136585
.\ssl\t1_enc.c, xrefs: 0000000140136B3D
.\ssl\t1_enc.c, xrefs: 0000000140136A8C
, xrefs: 0000000140136A40
.\ssl\t1_enc.c, xrefs: 00000001401366E3
.\ssl\t1_enc.c, xrefs: 0000000140136874

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: $ $.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$.\ssl\t1_enc.c$IV block$client write key$server write key
API String ID: 0-2697320032
Opcode ID: 6618e4f939296d5178969a1004cf50f46658c405356dfe9dcfe2abf82bb36f1a
Instruction ID: 1fe778c54c5d28e0303fd0e4b6181e00bf3a2f5989c850425f53d6451cb4cafe
Opcode Fuzzy Hash: 6618e4f939296d5178969a1004cf50f46658c405356dfe9dcfe2abf82bb36f1a
Instruction Fuzzy Hash: 48224C72204B8486FB76DF26E4507EA77A0F788B84F44812ADB8D57BA9DF38C545CB40

Function 000000014001000E Relevance: 18.5, APIs: 12, Instructions: 536synchronizationCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00000001400101D8
GetLastError.KERNEL32 ref: 00000001400101FE
__std_exception_destroy.LIBVCRUNTIME ref: 000000014001045B
CreateEventW.KERNEL32 ref: 00000001400104A3
GetLastError.KERNEL32 ref: 00000001400104D0
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140010740
GetLastError.KERNEL32 ref: 00000001400107DA
CloseHandle.KERNEL32 ref: 000000014001081E
CloseHandle.KERNEL32 ref: 0000000140010839
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140010A56
WaitForSingleObject.KERNEL32 ref: 0000000140010A88
CloseHandle.KERNEL32 ref: 0000000140010A91

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CloseErrorHandleLast__std_exception_destroy$CreateEvent$ObjectSingleWait
String ID:
API String ID: 2681826845-0
Opcode ID: 1350fb96317e54cc95a1b285757c260721d3d8de825bed95a2ee17b9dc09002a
Instruction ID: 760b7c267107452379ebae1b04c9ddf2c85950601a6df2b3b451616bc1838feb
Opcode Fuzzy Hash: 1350fb96317e54cc95a1b285757c260721d3d8de825bed95a2ee17b9dc09002a
Instruction Fuzzy Hash: 1442D2B6B1060086EF0ADB77E85ABE473A5BB8CBD4F405416DB2E477B4DEB8C2518740

Function 000000014017A720 Relevance: 14.0, Strings: 11, Instructions: 262COMMON

Download Yara Rule

Strings

.\crypto\cms\cms_enc.c, xrefs: 000000014017A8DD
.\crypto\cms\cms_enc.c, xrefs: 000000014017A84E
.\crypto\cms\cms_enc.c, xrefs: 000000014017A908
.\crypto\cms\cms_enc.c, xrefs: 000000014017A9EF
.\crypto\cms\cms_enc.c, xrefs: 000000014017A805
.\crypto\cms\cms_enc.c, xrefs: 000000014017A78E
.\crypto\cms\cms_enc.c, xrefs: 000000014017AA08
.\crypto\cms\cms_enc.c, xrefs: 000000014017AA6F
i, xrefs: 000000014017A842
.\crypto\cms\cms_enc.c, xrefs: 000000014017A91E
.\crypto\cms\cms_enc.c, xrefs: 000000014017AA30

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$.\crypto\cms\cms_enc.c$i
API String ID: 0-459413627
Opcode ID: a9df52a74be9c8e6164943a30b69251749caa8cdce1e30c19c5cca847887ab63
Instruction ID: f5f431eb34338f786da19b8f5b1960524f25cb24403388d057ffc3a692505618
Opcode Fuzzy Hash: a9df52a74be9c8e6164943a30b69251749caa8cdce1e30c19c5cca847887ab63
Instruction Fuzzy Hash: E7C1AD7A214A458AEB66EF23D4407DE73A0FB8CF88F910116FB4907AA5DF78C945CB40

Function 00000001400D47E0 Relevance: 13.2, Strings: 10, Instructions: 679COMMON

Download Yara Rule

Strings

.\crypto\x509\x509_vfy.c, xrefs: 00000001400D492A
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D5235
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D4D56
OPENSSL_ALLOW_PROXY_CERTS, xrefs: 00000001400D4DE9
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D49FE
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D4B2B
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D4864
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D4817
@, xrefs: 00000001400D515F
.\crypto\x509\x509_vfy.c, xrefs: 00000001400D48E1

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$.\crypto\x509\x509_vfy.c$@$OPENSSL_ALLOW_PROXY_CERTS
API String ID: 0-1637729297
Opcode ID: fe852a3c5933c3d93a92c82e7a8eff281b9620bd002000a7f2dea7c4be1f7bf7
Instruction ID: 813882cf90397dbdae4e6380850c8ce37f81f56ef28697937f203f1274450f86
Opcode Fuzzy Hash: fe852a3c5933c3d93a92c82e7a8eff281b9620bd002000a7f2dea7c4be1f7bf7
Instruction Fuzzy Hash: C452913220478486EB629F26D4443EE33A1FB89BD8F544135EF49877A5EF34C846C761

Function 0000000140012192 Relevance: 12.1, APIs: 8, Instructions: 128synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32 ref: 0000000140012267
CloseHandle.KERNEL32 ref: 0000000140012279
QueueUserAPC.KERNEL32 ref: 00000001400122D8
WaitForSingleObject.KERNEL32 ref: 0000000140012300
TerminateThread.KERNEL32 ref: 000000014001232B
DeleteCriticalSection.KERNEL32 ref: 0000000140012373
CloseHandle.KERNEL32 ref: 000000014001238A
CloseHandle.KERNEL32 ref: 00000001400123B2

Part of subcall function 0000000140005460: PostQueuedCompletionStatus.KERNEL32 ref: 0000000140005576
Part of subcall function 0000000140005460: GetLastError.KERNEL32 ref: 00000001400055A8

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CloseHandle$Wait$CompletionCriticalDeleteErrorLastMultipleObjectObjectsPostQueueQueuedSectionSingleStatusTerminateThreadUser
String ID:
API String ID: 3440998551-0
Opcode ID: bbb3b2ee1bb749c813a34995e7daf61fcf0c2d5075747257f1b23c6eef4447a3
Instruction ID: fe5769ec1c8ff0d5135767182c2dd17b9bcbd7660ee6b48e1f0871a923bd71b6
Opcode Fuzzy Hash: bbb3b2ee1bb749c813a34995e7daf61fcf0c2d5075747257f1b23c6eef4447a3
Instruction Fuzzy Hash: DD51CF76F20640C6F72ADBB7E89ABE97361A35CB94F044115EB29077B0DF38C1968B00

Function 0000000140006860 Relevance: 10.9, APIs: 7, Instructions: 443networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00000001400069DD
WSAGetLastError.WS2_32 ref: 0000000140006A0B
closesocket.WS2_32 ref: 0000000140006A83
WSAGetLastError.WS2_32 ref: 0000000140006ACF
ioctlsocket.WS2_32 ref: 0000000140006FAC
closesocket.WS2_32 ref: 0000000140006FD5
WSAGetLastError.WS2_32 ref: 0000000140007008

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLast$closesocket$ioctlsocketsetsockopt
String ID:
API String ID: 136865605-0
Opcode ID: b59fac1f46d889eda4be1893c5d39040cb5677dab12c8fd20eb8f6ab35b33fd8
Instruction ID: 581c3ed8801fbb03107caf8cc3d594a4b7c7ac38d607d31fbecc07ecb2270ed0
Opcode Fuzzy Hash: b59fac1f46d889eda4be1893c5d39040cb5677dab12c8fd20eb8f6ab35b33fd8
Instruction Fuzzy Hash: D022CEB5B0065686FB0ADB6BF899BE57BA2A75DBC4F409016DA195B3F4CABCC0418700

Function 000000014011E160 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000000014011E17C
RtlCaptureContext.KERNEL32 ref: 000000014011E1A9
RtlLookupFunctionEntry.KERNEL32 ref: 000000014011E1C3
RtlVirtualUnwind.KERNEL32 ref: 000000014011E204
IsDebuggerPresent.KERNEL32 ref: 000000014011E258
SetUnhandledExceptionFilter.KERNEL32 ref: 000000014011E279
UnhandledExceptionFilter.KERNEL32 ref: 000000014011E284

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 8160c33cdaf76a8fd028e99f53debe45c9210074098a0110295d53d3ca2c929d
Instruction ID: dafee064c6fd9a5f81161d1bfd6cc31e17a7ca3acc1355179c43cfa8302e0ed3
Opcode Fuzzy Hash: 8160c33cdaf76a8fd028e99f53debe45c9210074098a0110295d53d3ca2c929d
Instruction Fuzzy Hash: 94314276205B808AEB65DF61E8907ED73A5F78CB44F44442ADB4E47BA5DF38C548C710

Function 00000001400AC074 Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

__tlregdtor.LIBCMT ref: 00000001400ACF68
__tlregdtor.LIBCMT ref: 00000001400ACF9B
__tlregdtor.LIBCMT ref: 00000001400ACFCE
__tlregdtor.LIBCMT ref: 00000001400AD00A

Strings

%J+, xrefs: 00000001400AC24F

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __tlregdtor
String ID: %J+
API String ID: 1373327856-1227469880
Opcode ID: ffb7e850d26e53c94629eb1fd4c867fffd92d6f74c27066dae6405639169996e
Instruction ID: 03a3a8e8884670114af4e8a838a14911662e4970a84e2b097d61958faefbc9f2
Opcode Fuzzy Hash: ffb7e850d26e53c94629eb1fd4c867fffd92d6f74c27066dae6405639169996e
Instruction Fuzzy Hash: 3482B072710E4086FB0ADF67E8AABE977B1B39CB90F05551ADB1A477F5DA78C0418B00

Function 00000001401AE734 Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001401AE7AD
RtlLookupFunctionEntry.KERNEL32 ref: 00000001401AE7C5
RtlVirtualUnwind.KERNEL32 ref: 00000001401AE800
IsDebuggerPresent.KERNEL32 ref: 00000001401AE839
SetUnhandledExceptionFilter.KERNEL32 ref: 00000001401AE843
UnhandledExceptionFilter.KERNEL32 ref: 00000001401AE84E

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5015c87c48eac336bb0857599949773a70240528b47187b873bae68be289f9e9
Instruction ID: 047f25331f75f593721bf113babaeda13adb8edf8844678dd6e0970646b92005
Opcode Fuzzy Hash: 5015c87c48eac336bb0857599949773a70240528b47187b873bae68be289f9e9
Instruction Fuzzy Hash: DC313036214B8086EB65CF26E8907DE73A4F78CB54F54012AEB9D47BA5DF38C555CB00

Function 00000001400924DA Relevance: 7.9, APIs: 5, Instructions: 400networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32 ref: 00000001400925E7
WSAGetLastError.WS2_32 ref: 0000000140092632
setsockopt.WS2_32 ref: 0000000140092855
CreateIoCompletionPort.KERNEL32 ref: 00000001400928B8
GetLastError.KERNEL32 ref: 00000001400929D5

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLast$CompletionCreatePortSocketsetsockopt
String ID:
API String ID: 2140864122-0
Opcode ID: 859e9239b494a1f592b4229f4877018a6a0838d8ad51bb36644255ec92b5d86e
Instruction ID: aa6929638006bcbabc98938a4da8e171cb8e6ed82aaeaf7ec24023e9d879ac37
Opcode Fuzzy Hash: 859e9239b494a1f592b4229f4877018a6a0838d8ad51bb36644255ec92b5d86e
Instruction Fuzzy Hash: 0B12BCB2B10B4086EB5ACF6AE899BA973B5F75C784F009526DB1E877B4DB7CC0518700

Function 000000014003C444 Relevance: 7.6, APIs: 5, Instructions: 142COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014003C4CC
LeaveCriticalSection.KERNEL32 ref: 000000014003C50B
PostQueuedCompletionStatus.KERNEL32 ref: 000000014003C5B3
EnterCriticalSection.KERNEL32 ref: 000000014003C5DB
LeaveCriticalSection.KERNEL32 ref: 000000014003C638

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CompletionPostQueuedStatus
String ID:
API String ID: 3067750800-0
Opcode ID: 8958021d0e91aeb547de8156a59b1c4bedc44d91ae25119f62294071ec248bb2
Instruction ID: 370ca4ba006bd2aa712dfc148e7d34d5a03e9a46d6c55fd40b8287700090064c
Opcode Fuzzy Hash: 8958021d0e91aeb547de8156a59b1c4bedc44d91ae25119f62294071ec248bb2
Instruction Fuzzy Hash: 9D518C32B10B4086EB96CB77E885BAA33A4F75DB94F149115EF1D477A0DB38D0A28740

Function 00000001400082EA Relevance: 7.6, APIs: 5, Instructions: 121synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32 ref: 00000001400083EE
CloseHandle.KERNEL32 ref: 0000000140008400
QueueUserAPC.KERNEL32 ref: 000000014000845F
WaitForSingleObject.KERNEL32 ref: 0000000140008487

Part of subcall function 0000000140005460: PostQueuedCompletionStatus.KERNEL32 ref: 0000000140005576
Part of subcall function 0000000140005460: GetLastError.KERNEL32 ref: 00000001400055A8

TerminateThread.KERNEL32 ref: 00000001400084AC

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Wait$CloseCompletionErrorHandleLastMultipleObjectObjectsPostQueueQueuedSingleStatusTerminateThreadUser
String ID:
API String ID: 159344142-0
Opcode ID: c87d000a91a282d867c16830986d411f520a87b995cec48231879374aaf40954
Instruction ID: 11375ef9526f8921698b1ce4c0ddc3e56092817555f7e54bb7e2dfcf8b1bba49
Opcode Fuzzy Hash: c87d000a91a282d867c16830986d411f520a87b995cec48231879374aaf40954
Instruction Fuzzy Hash: 9451D0B6B11511CBF72AEF63F899BA577A5B78CBC4F448014EB0A077B4CA78D4918B00

Function 000000014001C454 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 1546COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 000000014001D5F8
MultiByteToWideChar.KERNEL32 ref: 000000014001D894

Strings

STOP, xrefs: 000000014001C86C, 000000014001E158
{, xrefs: 000000014001C873

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: STOP${
API String ID: 626452242-1874828600
Opcode ID: e1cd07c668be99d933655b2e523215d61b38924e5f2bc2dc4c2569c413530ac9
Instruction ID: 83060a6d0e57808f5990a321a7593ca8eba9b2f6edd3e5594713035dad2fdf6b
Opcode Fuzzy Hash: e1cd07c668be99d933655b2e523215d61b38924e5f2bc2dc4c2569c413530ac9
Instruction Fuzzy Hash: 7BE2C2B1B0179086FB0ACBABE895BE933A5A35DBE4F00502AEE1D477B5DA7CC151C740

Function 0000000140050429 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 423COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 0000000140050EE0
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140050EF7

Strings

G74g, xrefs: 0000000140050524

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID: G74g
API String ID: 2453523683-1851739009
Opcode ID: 731eeadebf531e67fa995ca900cabe6b80100e0cdae776af6b59f915dd3830c8
Instruction ID: b303564e2abc437d97e331668c268e1fbcd80325d109374b2e07584b9f1d779e
Opcode Fuzzy Hash: 731eeadebf531e67fa995ca900cabe6b80100e0cdae776af6b59f915dd3830c8
Instruction Fuzzy Hash: FF12D0B5B00B8082EE16CBABE859BE96361A79DBC4F005017EF4D577B6DE7CC1898740

Function 00000001400B432E Relevance: 5.3, APIs: 3, Instructions: 844COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153471e0234c3af9603cf7a2d7cef815a04082797a1361b9eaa5994b06acd7a8
Instruction ID: 4c946b8302ee29966576bf16f14fbce5201e9fae7cb6e7d68db36f7548007c75
Opcode Fuzzy Hash: 153471e0234c3af9603cf7a2d7cef815a04082797a1361b9eaa5994b06acd7a8
Instruction Fuzzy Hash: 8782CEB2B00A4086EB1ACFB7E89ABE967B5A35CBD4F049116DF19573B5DA7CC2418700

Function 0000000140174420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 0000000140174446
SystemTimeToFileTime.KERNEL32 ref: 0000000140174456

Strings

gfff, xrefs: 000000014017448A

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: 2e605a39b95d28e64296eaddbc598a5bdda6917534aee4dc6faaf8086044e406
Instruction ID: 8334dffe36ee4dbee73f9126786a2b6ddd09e3606d34ca324db1d98dcf7252cc
Opcode Fuzzy Hash: 2e605a39b95d28e64296eaddbc598a5bdda6917534aee4dc6faaf8086044e406
Instruction Fuzzy Hash: 920162A662464582EB559B2AF8113996791E7CCB84F449022EB4E8BBA9EE38C1419B40

Function 00000001401604F0 Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

.\crypto\rsa\rsa_pk1.c, xrefs: 0000000140160558
.\crypto\rsa\rsa_pk1.c, xrefs: 0000000140160808
.\crypto\rsa\rsa_pk1.c, xrefs: 00000001401607CB
.\crypto\rsa\rsa_pk1.c, xrefs: 000000014016056F

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\rsa\rsa_pk1.c$.\crypto\rsa\rsa_pk1.c$.\crypto\rsa\rsa_pk1.c$.\crypto\rsa\rsa_pk1.c
API String ID: 0-2478687422
Opcode ID: c0fcabf158c2f7810c1c72a428b1a7abc41e4ff1e02d4394041f644745ee84d1
Instruction ID: f3ad64c070ecdd802d49a2b651aaf19f6c249c120fac6b63b166ae1d05385523
Opcode Fuzzy Hash: c0fcabf158c2f7810c1c72a428b1a7abc41e4ff1e02d4394041f644745ee84d1
Instruction Fuzzy Hash: 4D8156337245A447E716CB3AD805BEE7B91F389784F449629EF8A87B91DA3DC505CB00

Function 000000014004E0DC Relevance: 4.2, APIs: 2, Instructions: 1224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be6a64e32ed8c7db9b533ff3dfe3f20c5b9a2dd6737312f46f631058616c66d7
Instruction ID: 176296ebbd9e1fdf92ac1c05b892271d77b68231019732cd26b46878753cb8df
Opcode Fuzzy Hash: be6a64e32ed8c7db9b533ff3dfe3f20c5b9a2dd6737312f46f631058616c66d7
Instruction Fuzzy Hash: 34C205727017818AEB05DB7AEC46BC973A5E34C790F10822AEA1C477F5DEBC9295DB40

Function 000000014005E728 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 578COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 000000014005F0DF

Strings

7wc58:^, xrefs: 000000014005E998

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_copy
String ID: 7wc58:^
API String ID: 592178966-79569709
Opcode ID: 5c542e57a14739ef6d5a97e0b3add0f4a09e2624caa075443184d47b0c678e18
Instruction ID: b96f998251cc8d7776efe58021a517828f140f6f3f2573c34bb0bb88b9547305
Opcode Fuzzy Hash: 5c542e57a14739ef6d5a97e0b3add0f4a09e2624caa075443184d47b0c678e18
Instruction Fuzzy Hash: AB42E1B1701B9185EF0AEBA7E899BE633A1A75CBC4F005016AF1D573B6DE7CC1818B40

Function 00000001400F05E0 Relevance: 3.9, Strings: 3, Instructions: 139COMMON

Download Yara Rule

Strings

.\ssl\ssl_sess.c, xrefs: 00000001400F07DB
.\ssl\ssl_sess.c, xrefs: 00000001400F0612
.\ssl\ssl_sess.c, xrefs: 00000001400F062A

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\ssl\ssl_sess.c$.\ssl\ssl_sess.c$.\ssl\ssl_sess.c
API String ID: 0-2053772433
Opcode ID: cb1b7505bd804a511ac109c2842eed3ecb2753e4087aa8eb35e6dd6a998426b4
Instruction ID: 1a9a6ecd2e64e18c0519edcd7ed6daf154505d363ffa89eff20cf1051bc21dc3
Opcode Fuzzy Hash: cb1b7505bd804a511ac109c2842eed3ecb2753e4087aa8eb35e6dd6a998426b4
Instruction Fuzzy Hash: 3951AE3230474082EB56EB22E661BEE73A1EB8DBC4F444026FF4947BA5EFB8D5509740

Function 00000001401BE458 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401BE48E

Strings

-, xrefs: 00000001401BE680

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -
API String ID: 3215553584-2547889144
Opcode ID: 795f1835601feb0ba2d711b4efdb8d858ebd55e258d9fd87858067b1df034fa4
Instruction ID: bf0cbc8c8c00c26609bfc4540b7d1513e91ac21265aedbb5fa17a079b7b4b05d
Opcode Fuzzy Hash: 795f1835601feb0ba2d711b4efdb8d858ebd55e258d9fd87858067b1df034fa4
Instruction Fuzzy Hash: FF910272304B8486EB72CB26958479AB7E1F79DFD4F444225EB994BBE9DB3CC4008B00

Function 00000001400A406D Relevance: 3.5, APIs: 2, Instructions: 487COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400A41C5
WideCharToMultiByte.KERNEL32 ref: 00000001400A4485

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 79eacc71031beff0afa382535f3336fc74685ac9e46a88a6749c4c086730b15a
Instruction ID: aa9da55ce32eacd845fb7e9a392503b6bfab99b30ed799767d918f1fb484ad33
Opcode Fuzzy Hash: 79eacc71031beff0afa382535f3336fc74685ac9e46a88a6749c4c086730b15a
Instruction Fuzzy Hash: 1922FEB6B00B8086EB06CF67A859BEA77B4A79DBC4F005116AF1D077B5DA78C1928740

Function 000000014005011C Relevance: 3.5, APIs: 2, Instructions: 482COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000000014005134A
__std_exception_destroy.LIBVCRUNTIME ref: 0000000140051361

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: c207a712be4c7aa10d035a1e769e6e4e19fb97c0a397a197c69309875f5cb86d
Instruction ID: 6ca7575114a1c9f555d1b3d13bf3a9078edc487273b4f738591ea36029db5a2e
Opcode Fuzzy Hash: c207a712be4c7aa10d035a1e769e6e4e19fb97c0a397a197c69309875f5cb86d
Instruction Fuzzy Hash: C722F3B6B00B8086EF16CBABE9597E96360A75DBC4F005016EF0D577B5DEB8C1C58740

Function 0000000140038536 Relevance: 3.5, APIs: 2, Instructions: 476networkCOMMON

Download Yara Rule

APIs

WSACleanup.WS2_32 ref: 0000000140038CA8
DeleteCriticalSection.KERNEL32 ref: 0000000140038D33

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CleanupCriticalDeleteSection
String ID:
API String ID: 4275100556-0
Opcode ID: 1d259b9cca39d2d7add84e4a069264db1f3f4c4376e08936a61c65ffb3c35383
Instruction ID: c4c40a1f1d9837eb3bef626947e2f332acc2617940f47a23545931697c735298
Opcode Fuzzy Hash: 1d259b9cca39d2d7add84e4a069264db1f3f4c4376e08936a61c65ffb3c35383
Instruction Fuzzy Hash: 1712E1B2B00B4086FF5ADBA7E8AA7EA6361B75CBD4F005516EF2D477B1DA38C1518700

Function 000000014003E65C Relevance: 3.2, APIs: 2, Instructions: 221networkCOMMON

Download Yara Rule

APIs

getsockname.WS2_32 ref: 000000014003E89B
WSAGetLastError.WS2_32 ref: 000000014003E8F9

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLastgetsockname
String ID:
API String ID: 566540725-0
Opcode ID: e741defa35d12874b39471b89247bb662971f9e6e726d29d9b75971f003a1a07
Instruction ID: 3514b8f7d9bb345aec5e3025491d03574a6496f39343b31d1cf7e06bd873fdfb
Opcode Fuzzy Hash: e741defa35d12874b39471b89247bb662971f9e6e726d29d9b75971f003a1a07
Instruction Fuzzy Hash: 98B1D672B1064086EB8ACF27E899BF57361FB9D7C4F0091269B09473F4EABCD1519350

Function 0000000140032432 Relevance: 3.2, APIs: 2, Instructions: 214COMMON

Download Yara Rule

APIs

__tlregdtor.LIBCMT ref: 0000000140032820
__tlregdtor.LIBCMT ref: 0000000140032862

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __tlregdtor
String ID:
API String ID: 1373327856-0
Opcode ID: 22e20210585b5ab42ac22eeacff2990d2ecae10f8dcc1e9bbb8a6290b3605508
Instruction ID: 27d203e1a48462c14831854defa09561cdcc3873b7b21f303595345d4cfca2d3
Opcode Fuzzy Hash: 22e20210585b5ab42ac22eeacff2990d2ecae10f8dcc1e9bbb8a6290b3605508
Instruction Fuzzy Hash: 49A1B271701A5046EB0ACB5BE9A5BE5BBA1E39CBD0F049426DB0E473F5DE78C446D700

Function 00000001400C63E8 Relevance: 3.2, APIs: 2, Instructions: 203COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00000001400C6600

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: a0e2303ca609919b3f285469428f5a24c43edce87158f9538f71b1b0d88dfe00
Instruction ID: 8304030070ba8251cd941625560c9e30512f3d602d978932688e8dc5ba133bb0
Opcode Fuzzy Hash: a0e2303ca609919b3f285469428f5a24c43edce87158f9538f71b1b0d88dfe00
Instruction Fuzzy Hash: 03919F71304A6082EA5ACF1BE8A8BE53BB1A39DB90F045126DB4A477F6DEB9C045C704

Function 00000001400AE539 Relevance: 3.2, APIs: 2, Instructions: 190COMMON

Download Yara Rule

APIs

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00000001400AE66C

Part of subcall function 00000001400D9AEC: WideCharToMultiByte.KERNEL32 ref: 00000001400D9B47

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00000001400AE7BF

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$ByteCharMultiWide
String ID:
API String ID: 1438481634-0
Opcode ID: 79addf8df34227d37d9170551161602ea33660d5368d16b5478dbd65c35baa41
Instruction ID: ad84e3696ede8cbb855028ea54104da44c9ef3073ed8f447719731adb8086f0e
Opcode Fuzzy Hash: 79addf8df34227d37d9170551161602ea33660d5368d16b5478dbd65c35baa41
Instruction Fuzzy Hash: 17814872300A5186EF2ADF2BE869BE973B6A35D7D1F8452259F1D4B3F4DA3C80418700

Function 000000014012A2D0 Relevance: 3.0, Strings: 2, Instructions: 534COMMON

Download Yara Rule

Strings

j <= (int)sizeof(ctx->key), xrefs: 000000014012A364
.\crypto\hmac\hmac.c, xrefs: 000000014012A370

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\hmac\hmac.c$j <= (int)sizeof(ctx->key)
API String ID: 0-2480544988
Opcode ID: 6773ec69fa963985a5d18d637d769c0df292f2e7f1a837dbc223a440831c432e
Instruction ID: cf66e6f92409ccb514e57cc9e31aabb80120a2eced60a73d56c3dd31c5468d1c
Opcode Fuzzy Hash: 6773ec69fa963985a5d18d637d769c0df292f2e7f1a837dbc223a440831c432e
Instruction Fuzzy Hash: E2428B5210A3D05CCB168B7A10607EA3FE0972BF45F9E51BBDBE44E197D009C28BA776

Function 0000000140154660 Relevance: 2.8, Strings: 2, Instructions: 318COMMON

Download Yara Rule

Strings

.\crypto\bn\bn_exp.c, xrefs: 0000000140154A77
.\crypto\bn\bn_exp.c, xrefs: 0000000140154AA5

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\crypto\bn\bn_exp.c$.\crypto\bn\bn_exp.c
API String ID: 0-85365306
Opcode ID: ef9bde72f4eeab762bb4f42aff887be8d8987a5cb162c35fb9a33d7469772595
Instruction ID: bd35a278ad3e55bc2a72e856c2ee2e8eb67a20a3aeae2cff9439b1804da38374
Opcode Fuzzy Hash: ef9bde72f4eeab762bb4f42aff887be8d8987a5cb162c35fb9a33d7469772595
Instruction Fuzzy Hash: 3AB1F6723046A443EAA6DB63A5057EBB295BB8CFC8F0C40259F494FBA6DF3EC4459704

Function 00000001401385B0 Relevance: 2.7, Strings: 2, Instructions: 188COMMON

Download Yara Rule

Strings

.\ssl\t1_enc.c, xrefs: 00000001401388B3
.\ssl\t1_enc.c, xrefs: 00000001401388D9

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: .\ssl\t1_enc.c$.\ssl\t1_enc.c
API String ID: 0-865736117
Opcode ID: b81941868c68af19ad9efe9a8704c55bb67aa648fe212ff43daa6956b31feb61
Instruction ID: 11ffdb87803c6554da05694d3bf704c16868370fb67db11b82e277ef64d0c5f9
Opcode Fuzzy Hash: b81941868c68af19ad9efe9a8704c55bb67aa648fe212ff43daa6956b31feb61
Instruction Fuzzy Hash: F3813E77614BC586EB628B29E4417DAB7A0F7C8B80F408226DFC997B55EF78C549CB00

Function 00000001400562E3 Relevance: 2.1, Strings: 1, Instructions: 872COMMON

Download Yara Rule

Strings

C8;D)wP, xrefs: 000000014005646C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: C8;D)wP
API String ID: 0-93670927
Opcode ID: 6be14e6f33a1ebc5305a4205c315101ba2c46b40a0a65750a661e547b8b3c08d
Instruction ID: d78876d3f36c096bb6f6eb2b01032554f2f9a928658a9981b624ebf0f37a66f2
Opcode Fuzzy Hash: 6be14e6f33a1ebc5305a4205c315101ba2c46b40a0a65750a661e547b8b3c08d
Instruction Fuzzy Hash: 3D82D3B5B00A8086EB1ADFA7E855BE56364E39EBC4F006016EF1D5B7B5DF78C1818B00

Function 0000000140004260 Relevance: 2.1, APIs: 1, Instructions: 594COMMONLIBRARYCODE

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 0000000140004723

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_copy
String ID:
API String ID: 592178966-0
Opcode ID: b713567f932ae23cf76ce39cf676aa3e2060b1a3b2c124d48fbab81cb5467380
Instruction ID: ad84faa50a820c56c062bfed5db3d04a941fcedb65b07ea251a246dcf769e296
Opcode Fuzzy Hash: b713567f932ae23cf76ce39cf676aa3e2060b1a3b2c124d48fbab81cb5467380
Instruction Fuzzy Hash: 2242BEF5B01B8085EF0ACBA7F86ABE927A5A75DBC8F005016AF1D573B6DA7CC1518340

Function 000000014003A2F6 Relevance: 2.1, APIs: 1, Instructions: 573COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 000000014003AC82

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_copy
String ID:
API String ID: 592178966-0
Opcode ID: 25b67aa73247c22eb2bf2fcb1b7658685f1def6dfe1460e32f35305a3823624a
Instruction ID: c1ef97e8b5c7fd6961d5d50401c3eb05e51593a9b78cace3f8ef8c940e9312cb
Opcode Fuzzy Hash: 25b67aa73247c22eb2bf2fcb1b7658685f1def6dfe1460e32f35305a3823624a
Instruction Fuzzy Hash: C642F0B6B01B8485EE86CBABE85ABE533A4B75DBC4F005017AF0D473B6DABCC1519340

Function 0000000140082020 Relevance: 2.0, Strings: 1, Instructions: 796COMMON

Download Yara Rule

Strings

5wF$^%-A, xrefs: 0000000140082C8C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: 5wF$^%-A
API String ID: 0-1478875923
Opcode ID: 43f04c4465756fc20657c2f4abe3cad316f7c31fd792db3b26d4ce47856d6d60
Instruction ID: 826019c910adae3735fcc37d10e2cffa47c866a4af40e55964819734a5afc4c0
Opcode Fuzzy Hash: 43f04c4465756fc20657c2f4abe3cad316f7c31fd792db3b26d4ce47856d6d60
Instruction Fuzzy Hash: C472D1B2B0178486EE0ACBA7E8557E937A1B75CBC4F005526EE1E573B5DEBCC1918B00

Function 000000014008E308 Relevance: 1.8, APIs: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000000014008E84B

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: ab26c9fd9d6cca87e6b493421756670ae57ff16e0e192b4a816b7d4c3a0f5bf0
Instruction ID: 2dc4f3f55169293cffa48448c6f6e39441d87a4960fa712520941f61145a8d02
Opcode Fuzzy Hash: ab26c9fd9d6cca87e6b493421756670ae57ff16e0e192b4a816b7d4c3a0f5bf0
Instruction Fuzzy Hash: F7D1CD72B01B4086EB56CBABE8947A977A4F358BD4F005522DF6D073B5EE78C1929700

Function 00000001400865BC Relevance: 1.8, APIs: 1, Instructions: 272COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00000001400869C7

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __std_exception_destroy
String ID:
API String ID: 2453523683-0
Opcode ID: 1af2a53030a7688a9ad70a45ec8359d52f998191304fe403877e4bae83cf4746
Instruction ID: af043c8df806c8e7958ee523343c3b95295155b197efdc289d27356d97220a61
Opcode Fuzzy Hash: 1af2a53030a7688a9ad70a45ec8359d52f998191304fe403877e4bae83cf4746
Instruction Fuzzy Hash: 7BA1F2B271069086EF56CB77AC59BE937A9B35CBD4F014A229F19537E4DE38C182C700

Function 00000001400966F8 Relevance: 1.7, APIs: 1, Instructions: 195threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400E7334: GetCurrentThreadId.KERNEL32 ref: 00000001400E748D
Part of subcall function 00000001400E7334: GetCurrentThreadId.KERNEL32 ref: 00000001400E74A8

GetCurrentThreadId.KERNEL32 ref: 00000001400968AC

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 1b9787c1cf664d97d8710d74fb837c7bd1406ed66e8cfd802127e507036ab7ba
Instruction ID: 6ef4a75db44b0da706c6522c08bf2ad29936bee24b1b82bfbb5422b4f5a83000
Opcode Fuzzy Hash: 1b9787c1cf664d97d8710d74fb837c7bd1406ed66e8cfd802127e507036ab7ba
Instruction Fuzzy Hash: 00710432B0064086F72BDF77E995BFA7371A39C390F148525EB2947BE1DA3885838B40

Function 00000001401465F0 Relevance: 1.7, Strings: 1, Instructions: 432COMMON

Download Yara Rule

Strings

MZx, xrefs: 0000000140146855

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: MZx
API String ID: 0-2575928145
Opcode ID: e65e24ad8f5a53bdaa40e0d958079ba14c94649696dc3cd2a6af8e8fcda96519
Instruction ID: c993142b9188608d5ba308c6ebd3ed8afb9e92ee1493fcc0b5cef6a873c480db
Opcode Fuzzy Hash: e65e24ad8f5a53bdaa40e0d958079ba14c94649696dc3cd2a6af8e8fcda96519
Instruction Fuzzy Hash: 5B228B731056A4CFC755CF65C0C8CAC7BAAF305744B87826AE7A58B281E335E6ADDB10

Function 0000000140084698 Relevance: 1.7, Strings: 1, Instructions: 421COMMON

Download Yara Rule

Strings

hM]w, xrefs: 00000001400846DF

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: hM]w
API String ID: 0-1726011877
Opcode ID: 67590e4c06a7aa53d3778776a2ae803b1553d7e6f8fbf370f318e87c9d1aadf8
Instruction ID: 231513107b215e9524d4fd361f4026867460611821ffbdced226dc406c70e103
Opcode Fuzzy Hash: 67590e4c06a7aa53d3778776a2ae803b1553d7e6f8fbf370f318e87c9d1aadf8
Instruction Fuzzy Hash: 4622C6A2B15F9482E702CB2AA9557E93765F36DBC8F056206DF4A173B1DFB891D0C700

Function 000000014005C346 Relevance: 1.6, Strings: 1, Instructions: 393COMMON

Download Yara Rule

Strings

|Vy, xrefs: 000000014005C449

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: |Vy
API String ID: 0-3012338440
Opcode ID: 83e8c28e63292d34927f4cfccadaaf37b37c71a70a2094bcc6f2f66506b785c8
Instruction ID: 5dbcb226290d2741adc1f56f696a1a5bf719b33ce2a326799e79d3384d25f772
Opcode Fuzzy Hash: 83e8c28e63292d34927f4cfccadaaf37b37c71a70a2094bcc6f2f66506b785c8
Instruction Fuzzy Hash: 5AF135B27006519AEB1ADB67E86ABEA37A0B75D7D0F005116EF1E477F0DE78C1818B40

Function 00000001400226C3 Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ddb87c70a4e04b9f277b79c59c5e015dd9b52fabd3b6c7af6cbd98edc8a8d43
Instruction ID: fe36254c195348a942f5843260b04685d661a27b7e40d8393978606fe9e340b9
Opcode Fuzzy Hash: 3ddb87c70a4e04b9f277b79c59c5e015dd9b52fabd3b6c7af6cbd98edc8a8d43
Instruction Fuzzy Hash: B441AF35711650A7FA0ACB57E8A6BE87BA0E39DBD0F54942A9E0A477F0CE7CC446C740

Function 0000000140144500 Relevance: 1.6, Strings: 1, Instructions: 345COMMON

Download Yara Rule

Strings

MZx, xrefs: 00000001401445F3

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: MZx
API String ID: 0-2575928145
Opcode ID: ba7d57167503edc0e4575756a7dedb93cc0d94c2a7e0b4ac7af31d0c13146a89
Instruction ID: 71cee8b23ec4950e8e50a16101cd08f95ff90f820fe100c1acd1bde83b709e16
Opcode Fuzzy Hash: ba7d57167503edc0e4575756a7dedb93cc0d94c2a7e0b4ac7af31d0c13146a89
Instruction Fuzzy Hash: BCD1D533A292E04FE7168B7994903EC3FF2A35A79DF154049DE9963B99C538890DCB60

Function 00000001400226EE Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

__tlregdtor.LIBCMT ref: 0000000140022E29

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: __tlregdtor
String ID:
API String ID: 1373327856-0
Opcode ID: ace2f9918533182b7825bc8c9785c5f26fab22a73ec4f265eafa819316058487
Instruction ID: 5047fe7bdcfc179a4b06b24521a1f6bd033b54542f52583de2404aafdacc84bd
Opcode Fuzzy Hash: ace2f9918533182b7825bc8c9785c5f26fab22a73ec4f265eafa819316058487
Instruction Fuzzy Hash: 6D419F7270164096FB06CB57E8A6BE97BA1E39DBE0F1854269F0A473F4CA7D8486C740

Function 00000001400683FA Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

+W, xrefs: 000000014006861E

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: +W
API String ID: 0-1390032072
Opcode ID: 80a3622460076376331c003514414be9eff843c4de4752bad25ffbe2ed4acf4f
Instruction ID: 62868f5f79730e52c0895ae3c00ce2a95367f894b5656e5a6279b4aaa99ab0f0
Opcode Fuzzy Hash: 80a3622460076376331c003514414be9eff843c4de4752bad25ffbe2ed4acf4f
Instruction Fuzzy Hash: AFB139B1B01A8482EE16CB2BED55FE96762A758BC4F519A12EF5E037B1DE78C081C704

Function 000000014002C1D8 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

s(@, xrefs: 000000014002C5AE

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: s(@
API String ID: 0-2188894241
Opcode ID: 2a1ac47fedf01b1889ee95df54366b62e066c1a06f0302cc1d0beed0b1bdece8
Instruction ID: 31a5a96fdb4ed4578bec54b0f016d39ff0501983630884cb7615a72263238933
Opcode Fuzzy Hash: 2a1ac47fedf01b1889ee95df54366b62e066c1a06f0302cc1d0beed0b1bdece8
Instruction Fuzzy Hash: AFB188F6B11A8043EA068B6BF818FE97761A35CBC4F519516EF19273B2DA7CE581C300

Function 0000000140102780 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

MZx, xrefs: 00000001401027F1

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: MZx
API String ID: 0-2575928145
Opcode ID: a75d4f0eb6c66537ba7ac6a696b9c7246c863810631736d414cc6a3e21152b5b
Instruction ID: 9a734f06b74a0945d108ff418917d849516fded9a738e7e0b637c9773f6317be
Opcode Fuzzy Hash: a75d4f0eb6c66537ba7ac6a696b9c7246c863810631736d414cc6a3e21152b5b
Instruction Fuzzy Hash: 419100B7304F4482EB58CF66D8956A977A6F79CBC4B12D22BDA4E87724EB38C454C301

Function 000000014014E030 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

@, xrefs: 000000014014E1EF

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 194d9dcb7ba791b34efc46c025a9dba65f2b0ad71c6bccf6dd08ba887dc55828
Instruction ID: e37d8953d991fb158fb60c7c4dccdca197cd66823dccc81eda6f819e7cfca592
Opcode Fuzzy Hash: 194d9dcb7ba791b34efc46c025a9dba65f2b0ad71c6bccf6dd08ba887dc55828
Instruction Fuzzy Hash: E181E472204BC085EB158F2AE440BEA7BE0F789F98F459622DF9E177A5DB78C651C700

Function 000000014007A41A Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

94(Xe25, xrefs: 000000014007A63B

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID: 94(Xe25
API String ID: 0-4194699251
Opcode ID: 852c7bc259d94bc40664867226f8bd8e2035c449c9ba3cb417b2cd3aab2581c5
Instruction ID: 320813fa60de55161c470e5fcf57acfdcd0ca3b4850dd88a594179d94f546861
Opcode Fuzzy Hash: 852c7bc259d94bc40664867226f8bd8e2035c449c9ba3cb417b2cd3aab2581c5
Instruction Fuzzy Hash: 8B9115F5700B8485EE168BA7E858BEA6361A78DBC4F045423AF1D5B7F6DE7CC1818A00

Function 00000001400C80B2 Relevance: .6, Instructions: 627COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdae305ea4d050d799bcb1d18156596c42fe658d57552d1cd1bcba5b6e59243
Instruction ID: 56b5db6194a1a75807d1bde9d670b2949ebbe55d33e009c9f12dab4bcfbf4f9c
Opcode Fuzzy Hash: bfdae305ea4d050d799bcb1d18156596c42fe658d57552d1cd1bcba5b6e59243
Instruction Fuzzy Hash: 6552FFB1B05B84A2EA0ACFA7E859BE977B5B75DBC4F405512AF0D173B5DABCC1818300

Function 0000000140186680 Relevance: .6, Instructions: 597COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad3bbd1fec1f7c57e1d82742600016f08a87378c671b25e815fb0e5c91a02764
Instruction ID: 477ce05c4d46b5cb4e406b7a708505bffc74096485e324e804ee7903d955faea
Opcode Fuzzy Hash: ad3bbd1fec1f7c57e1d82742600016f08a87378c671b25e815fb0e5c91a02764
Instruction Fuzzy Hash: 9112F7E3B3C1B04BE36D8B29E851B69BED0F395749B486019FA96D3B42D53CCA519F00

Function 000000014016A620 Relevance: .5, Instructions: 544COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16c6feeae2209f0a8294a0067f6931cf362359ec037d97f64a025a8175ff19c8
Instruction ID: f4972dd1577df3592500d537ec7949a0e3dec8adf3c0768ef8c6109b1c7f5702
Opcode Fuzzy Hash: 16c6feeae2209f0a8294a0067f6931cf362359ec037d97f64a025a8175ff19c8
Instruction Fuzzy Hash: E7F1D8E1B01A9897CF18CF86F565998D75AA3ACFC0785E027DE0E57B64EB78C681C340

Function 00000001400565C8 Relevance: .5, Instructions: 533COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e7e4ab58141caf43e9b08421d206c183b5aa4afcb11ab99bcf814055c32f0a
Instruction ID: aa6b119b939c30d7b13b15973a99106465ba5f2f51c391b0c560c8c714a0f0d1
Opcode Fuzzy Hash: 70e7e4ab58141caf43e9b08421d206c183b5aa4afcb11ab99bcf814055c32f0a
Instruction Fuzzy Hash: 8F22E2B1B10A808BEB29DF77E855BE56365A39EBC4F006016EF0E577B5DE79C1818B00

Function 00000001400621C2 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e3072d102bc7a3f96e995430f67c68c13439708c7d7bf1ec0ad5be1bcc6711
Instruction ID: 38f9b0783b69ba05040b1e72d840af64c7d11189674d51680bbaa0d8c69cb5e9
Opcode Fuzzy Hash: 68e3072d102bc7a3f96e995430f67c68c13439708c7d7bf1ec0ad5be1bcc6711
Instruction Fuzzy Hash: 732239727046D046FB17473BA868BE93FA1936AB80F245055DB99037F2CB39C2A6CB40

Function 0000000140046625 Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac84ad2b2b72e1f8a6691f1cf63f688d7756544933f984992d6757cff28b7367
Instruction ID: 259fdead86814df80954e5cadf54d5103c1352e1dae8c9059f23cb59bb0ffcdb
Opcode Fuzzy Hash: ac84ad2b2b72e1f8a6691f1cf63f688d7756544933f984992d6757cff28b7367
Instruction Fuzzy Hash: 7C0228716042804BFB0F8B3BB8A5BE97BA1939D3A0F049169D796577F2D97C9186CF00

Function 0000000140064186 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8402e1a39dccce06bc7eea0d6d9005ce913fcb236847db5aaca90ad7fa95455
Instruction ID: 9a4861d1554c127ba669e4eab00f0423bfad5f2ffd586681e5db1b581b9895d1
Opcode Fuzzy Hash: b8402e1a39dccce06bc7eea0d6d9005ce913fcb236847db5aaca90ad7fa95455
Instruction Fuzzy Hash: 6312C2727106808AEB0A8B37E86EBE57BA5E359784F049416DB5A477F1DF7CC285CB00

Function 000000014008A27E Relevance: .4, Instructions: 403COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16af3915554ee0f56d83ba43122f9bc36221e55bc7cfa35dfd56ed33a4d96ab
Instruction ID: f40c36a91c1aa0d054be2259e0ad8d85a350f7649a7c01b3277cb59e3e3e9030
Opcode Fuzzy Hash: d16af3915554ee0f56d83ba43122f9bc36221e55bc7cfa35dfd56ed33a4d96ab
Instruction Fuzzy Hash: A502D3B6700A5082FE4ACF67E969BE53765B39DBD4F005416AF0A177F4DEB88582CB00

Function 000000014005A418 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb0584490aa1cbd9282bb841b6a6d9072959cfbfacc8257ba5edff6a7e41be4
Instruction ID: 7291337deaaa1f79ac97769e9f0adc4d253cf894aa6a2c827b839ba875700d5d
Opcode Fuzzy Hash: fcb0584490aa1cbd9282bb841b6a6d9072959cfbfacc8257ba5edff6a7e41be4
Instruction Fuzzy Hash: EB0233B1B41A5082EA0ACB57F96AFE5A765B399BC4F0450169E0E17FF1DF7CC4928B00

Function 00000001400661DC Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadb55b8b095bd6fb6309235527504301460e19ff7f476cc160f5e59960255f4
Instruction ID: 4472a60b5bc9051c77af140d4a0acb1aa8ac1a479f63ac6a305b4ec1ac5190c8
Opcode Fuzzy Hash: dadb55b8b095bd6fb6309235527504301460e19ff7f476cc160f5e59960255f4
Instruction Fuzzy Hash: F9F1D1B5710A5082EA09CBB7FD69FE53361B789BD4F0450269E1E637B4DFB88681CB40

Function 00000001400A2705 Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ab51097b68318e90aba8a5bfd754b51640fc120bb64a450a802655056cd207
Instruction ID: f498bb8608e6520a6bbdc5a4d2ad3c10b3368212197ae88b02c14049595e9655
Opcode Fuzzy Hash: d8ab51097b68318e90aba8a5bfd754b51640fc120bb64a450a802655056cd207
Instruction Fuzzy Hash: C902CFB6700B8086EA1ACF66E8597E973A5B35C7D4F008526EF2D877B1DE78C095C700

Function 00000001400A668E Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663b05abcc212f48ac9a445bfbcc28287fb5463aba36c700567e18cdd2104400
Instruction ID: 8adeac2fa775bc59de64b1d952a80484d6084f21197c8663d977272e1382d081
Opcode Fuzzy Hash: 663b05abcc212f48ac9a445bfbcc28287fb5463aba36c700567e18cdd2104400
Instruction Fuzzy Hash: 52E1ED72B10B8086EB06CF67E8957EA6374A36DBD4F149216EF6D137B1DA38D1928700

Function 00000001400AA2FE Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc8ad02ff5eea127034b08f3049f05004373d31d19ff296e2dc95d7c2a976d0
Instruction ID: 8d658dccb784c42f0c77483f8da1f4016446ad129ba73b1c53ff5163fb6eaa90
Opcode Fuzzy Hash: 8dc8ad02ff5eea127034b08f3049f05004373d31d19ff296e2dc95d7c2a976d0
Instruction Fuzzy Hash: 55E1CF72B11F8086EB169F67E8857EA77B4A76DBD4F149216EF1C037A1DA38C1928700

Function 000000014016C080 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeadb20a33c242ef49b52f71421619108b812d78837407c2f4b5cf274ad5a659
Instruction ID: 2b805d48292cfdc57168269eb78376e771b4677c42cc89315807c95a187c1a7a
Opcode Fuzzy Hash: aeadb20a33c242ef49b52f71421619108b812d78837407c2f4b5cf274ad5a659
Instruction Fuzzy Hash: E6B1DAE2B016A887CE18CF86F965ED8D35AA368FC0785E427DE0D57B65EB79C641C300

Function 00000001400C685E Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d637df69e295f7c4966f48f19d87fe5c26fbeb29549ab072e315ea6823a945f7
Instruction ID: 8f87fdb3e3f054bb07988fe8e8e46dfc573afe3e87358c647dbe46de91203229
Opcode Fuzzy Hash: d637df69e295f7c4966f48f19d87fe5c26fbeb29549ab072e315ea6823a945f7
Instruction Fuzzy Hash: BED1B2F1701B1442EE1ADF6BE8A97E563A5AB9DBE0F005526DE1E477F6DABCC041C200

Function 00000001401465D0 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 821186d4cab5aaeb7d7529c3713ce1f813868b0671ef3a88793863023e42dd58
Instruction ID: ca946a2f010b2a2c8404bac0707030ddd8a1274b4d96e6dec513bd25f22eda19
Opcode Fuzzy Hash: 821186d4cab5aaeb7d7529c3713ce1f813868b0671ef3a88793863023e42dd58
Instruction Fuzzy Hash: 46D1C473A04694DBC70ECF29D8A1AAC3BE4F705B49745922ED75683709EB39E224CB04

Function 00000001401A6054 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5af686d7167a97e4aff3b2927fb0eeb1be44027677576bae770843995fd750
Instruction ID: e40649322a441784addc8210ee8226a4d06e745bc56e39d782a67ad711d43382
Opcode Fuzzy Hash: 3a5af686d7167a97e4aff3b2927fb0eeb1be44027677576bae770843995fd750
Instruction Fuzzy Hash: 539127363146504AFE2B4E3B94103FE2AD0BB99F94F1415299F6A477E5DA3CC98ADF00

Function 000000014006A14E Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d20a805f517f0cb7e17fc648f9e235ea02067f68874967c0b4eec24f611dc7
Instruction ID: 1ab24f152be8da29a3da23957a92e133ed87baaa167631424f3f9d04a08aab96
Opcode Fuzzy Hash: 66d20a805f517f0cb7e17fc648f9e235ea02067f68874967c0b4eec24f611dc7
Instruction Fuzzy Hash: F3B128B2B01A8446EE16DB67FC19FE967A1A759BC4F105926AF1E033A1DF7CC190C700

Function 000000014006A71C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f9a19dfa2d34ac499b305efa95c667b9d138660672a0b49fb0da08499141f2
Instruction ID: 52e290e405edec35b410daa3de3ea2da2aa105f8c81c7d05aa8f97f7825fcffd
Opcode Fuzzy Hash: 55f9a19dfa2d34ac499b305efa95c667b9d138660672a0b49fb0da08499141f2
Instruction Fuzzy Hash: 6FB159B2B0268542EA16CB6BAD15FEA6761A359BC4F109617AF1D077F1DF7CC091C700

Function 0000000140182650 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c7bf867681dd77f5fd17c4fb256da9c2cdd25a5d1f55fac0dd922d1062f1a4
Instruction ID: 23bc7a2d1cca6e17c4f1bfa4517c3c151f02bb15acbe4a989620e133a34b9f7f
Opcode Fuzzy Hash: 86c7bf867681dd77f5fd17c4fb256da9c2cdd25a5d1f55fac0dd922d1062f1a4
Instruction Fuzzy Hash: 20B194B66101148BE349CB1DD894E6D3399F7A870EB939325E3994B389C93EBC45C7D0

Function 00000001400206B1 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b52828cbc2f11b1bc56ac38a5711ad7c10e39657055081d181b96881b74f68d
Instruction ID: 8769473a1d174766ffaec5d40d7fa4dc4a1c193832c37fa346c49898c8340640
Opcode Fuzzy Hash: 5b52828cbc2f11b1bc56ac38a5711ad7c10e39657055081d181b96881b74f68d
Instruction Fuzzy Hash: AAB1E0B6B1068086FB15CBA7E855BA937A1E398BE4F059126DF1D277B4DE3CC581CB00

Function 00000001400841B6 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4752589ba9d10b89bcd81120deadbca0cb78311ad52e651374de16317a73163c
Instruction ID: 19339263b08a0e26bc14d55fc321ac74727c0198311fcf90ef8dfa45c79c4dcb
Opcode Fuzzy Hash: 4752589ba9d10b89bcd81120deadbca0cb78311ad52e651374de16317a73163c
Instruction Fuzzy Hash: 5EB1CEF9700B8481EE068B97B869BE97765B35EBD4F415427AE0E1B3B5DEBCC1818700

Function 00000001400282AE Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a6dd05d0a8ce2f677972aff118e633403dd173914665f92e835031eaa652fc
Instruction ID: d241ecaf96d69174167fc72b6c96a75495709a6b714acabf17f8aa77cc232ec0
Opcode Fuzzy Hash: 53a6dd05d0a8ce2f677972aff118e633403dd173914665f92e835031eaa652fc
Instruction Fuzzy Hash: 3EB19EB5701B8882EE178BDBB969BE5A3A5E79DBC0F00512ADF0D573B1DABCC1418340

Function 000000014000C5C4 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 184469055e68cbd0b1d647ecf62c1dadcc8f8fc02ce9f47922a84c06ad5a80ca
Instruction ID: 3a18c2a43b8755e1d3ca03bef097ba4216f553f04f80e8f0e921d12b41d3623f
Opcode Fuzzy Hash: 184469055e68cbd0b1d647ecf62c1dadcc8f8fc02ce9f47922a84c06ad5a80ca
Instruction Fuzzy Hash: 0891EDB2F1164481EF1ADB77B89EBE567A5A35DBD0F005126DF1D4B3B1EA78C2428700

Function 0000000140044786 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f8002eed82e2ce5cd26d59f4709e00c1a506c101d25a35df6b3178bd01f294a
Instruction ID: a66b25627d51e4d191bae8608ba7644ab6a6221b61b98d669d713fae2cdbffdd
Opcode Fuzzy Hash: 6f8002eed82e2ce5cd26d59f4709e00c1a506c101d25a35df6b3178bd01f294a
Instruction Fuzzy Hash: 0D9102B6705A5481EB068B5BFC98B95A752F39CBD4F0191269E0C477F8EEBCD081CB04

Function 00000001400287D8 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 014e3a9eb22d648002af35aa66252e8991c6ff9bc196bb0bb9b6f76e448c3ee4
Instruction ID: b167c4269d0ffb54994604ff44a15c27135270414bd736128011029b89127852
Opcode Fuzzy Hash: 014e3a9eb22d648002af35aa66252e8991c6ff9bc196bb0bb9b6f76e448c3ee4
Instruction Fuzzy Hash: 4DB18CB4712A8882FE5B8BA7F969BE533A5A74DBC0F00542AEF4D573B5DA7CC1418700

Function 000000014000E5D6 Relevance: .2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06de9b4c8b765b359d3020c7f732d048e2d7d7c66e24f7b613f03851ab68ee40
Instruction ID: 01a7c779a02a4d4fd44852f7047b31bf6ca6b9be009cbf68cd36bc80f02924a4
Opcode Fuzzy Hash: 06de9b4c8b765b359d3020c7f732d048e2d7d7c66e24f7b613f03851ab68ee40
Instruction Fuzzy Hash: 9C91D1F1B0178482EE1ACBABF959BE963D1B75CBC0F049526AE1D573B1DA7CD2418300

Function 000000014014E520 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1975e3c46c0f9c8b8bbacb60019705df9606541a6ac3090ecc33236ac143ea
Instruction ID: 9036145f3402677103dbeb188783324b88e57d957540e3aac85b9937f541e268
Opcode Fuzzy Hash: eb1975e3c46c0f9c8b8bbacb60019705df9606541a6ac3090ecc33236ac143ea
Instruction Fuzzy Hash: 3A811663615BC046EB028B2A95407EDBBD1F799FE8F064622DF9A17BA5EB78C105C340

Function 00000001400B21C2 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61eb19c5fa602165b9d0860f3b80fc1f9a0e41ab94f9fae15a6e21d69a834c14
Instruction ID: d2a5cf4faf98ae58ad19fb4334fe5fbbbf42320905f09f3631ce6492d867bdd1
Opcode Fuzzy Hash: 61eb19c5fa602165b9d0860f3b80fc1f9a0e41ab94f9fae15a6e21d69a834c14
Instruction Fuzzy Hash: 39A1A432B10A11CAE726EF67D489BB8B771E39DB44F148116DB194BBB4CB79C442CB40

Function 000000014007C494 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ef03e9b75bc7fb3cc22ed82fd47196b6a4acdd461661ce1339c80438f73a28
Instruction ID: ae6bf735cdfc865e14ef2b23fec49f68fcd5fbd7d5ad5a6a21a26a00e78dfb88
Opcode Fuzzy Hash: 69ef03e9b75bc7fb3cc22ed82fd47196b6a4acdd461661ce1339c80438f73a28
Instruction Fuzzy Hash: 8B9102B0B20B8482EE1ACBA7B818BD537A4A7CDBD0F505116AF1D677B5DE7CD1818B00

Function 000000014014C5B0 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084a654fe3b35f2c53929b6cfe1b3796c1db2ee29c1118f4f2f092883e964f34
Instruction ID: 49ff72656926ac31ff3d47df932276aed559ebb6393a843ed2db6478d187e095
Opcode Fuzzy Hash: 084a654fe3b35f2c53929b6cfe1b3796c1db2ee29c1118f4f2f092883e964f34
Instruction Fuzzy Hash: 6671BD72205BC48AD750CFA9A865BE97BE9F359BC0F149126EF9C53B05EB38C165C340

Function 000000014002E5EE Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b00238e5b581377a0b862ab1ad0f7d36c0d5a50590cf7bbcdf58919b093032
Instruction ID: e8c0a90d6ecc02cdfc403ef83e46dab05dc154d2fd8c0f87aecdbe60df681866
Opcode Fuzzy Hash: f1b00238e5b581377a0b862ab1ad0f7d36c0d5a50590cf7bbcdf58919b093032
Instruction Fuzzy Hash: 039128B676439487E667CF27A908F987B60B328BD8F24510AEF1917BF0D6759D42CB00

Function 00000001400A8711 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b649fb24840cc6e58c85aaa3fce2b811ea60e8cf7722fb10acdb57058b3a59
Instruction ID: e5730bb075bbd948e8fb75d8c58a891009052f5d0fa099aa6d33efedbd6768ac
Opcode Fuzzy Hash: c3b649fb24840cc6e58c85aaa3fce2b811ea60e8cf7722fb10acdb57058b3a59
Instruction Fuzzy Hash: 6181E2B1701E4046FF1ACF67F8A9BA563B6A358BC4F099426AF09477F5DA7CC4918700

Function 00000001400206E8 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 811efac92ed8e7151e75bb7a1e0bb9dd9658b7a789dc485a529bfac2075d13b2
Instruction ID: 56d1b543f4c9a6028cf9201b1939d67ca449f2735268eb553466d1e2fd3bf9e5
Opcode Fuzzy Hash: 811efac92ed8e7151e75bb7a1e0bb9dd9658b7a789dc485a529bfac2075d13b2
Instruction Fuzzy Hash: 4A81C472B003408AFB1ACB27E856BA977A4A35C7D0F14912AEF5E473F1DA7CC5528B40

Function 000000014003065A Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed62975e4328e0a9f7aedfc3eeba373981fb1170564e2b8f423c116a03747ca1
Instruction ID: d8da3aa48bd2c2358ba2db4cf7400ac197667828fd433cb0b8e44adce64d8bc5
Opcode Fuzzy Hash: ed62975e4328e0a9f7aedfc3eeba373981fb1170564e2b8f423c116a03747ca1
Instruction Fuzzy Hash: 3B8101B2B0064086FF06CBA7E869BE97760A79DBD4F005516EF1D577F6DA78C1429300

Function 000000014018A800 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec15d84830d62ff4d3877c066978e99d3e02a8a73ff1a21c8a8248869d3e8e28
Instruction ID: 55693f3825a9d00705382cb2bba49892f8cb419dbd8a52ba515f0032253e25dd
Opcode Fuzzy Hash: ec15d84830d62ff4d3877c066978e99d3e02a8a73ff1a21c8a8248869d3e8e28
Instruction Fuzzy Hash: 9861383370469147F76A8E2394943EA6A51FB4AFC4F958026CF8603B91EB3DC70AC700

Function 000000014014C080 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378ba45548db7e25f83b13d4d9705c2827b952fe0b988158022a0451813761b2
Instruction ID: 6438e57bbf7348feb5a15508a301f4e2c88b7a9d07fbfe6304e19e97cfccaf90
Opcode Fuzzy Hash: 378ba45548db7e25f83b13d4d9705c2827b952fe0b988158022a0451813761b2
Instruction Fuzzy Hash: 535105767146D08AEB528F6B95807AABF51E35AFD4F1A4236DF8D07BB6C938C046C700

Function 0000000140040368 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db0b8876c0c99128cb7be1d5206436896fd8dcdef885f8d74ee1a95acbb056c8
Instruction ID: 3794ccc5df8610169f2c3749a6c417dab6081af053419987894b723cd2f35739
Opcode Fuzzy Hash: db0b8876c0c99128cb7be1d5206436896fd8dcdef885f8d74ee1a95acbb056c8
Instruction Fuzzy Hash: 7D7104B2B01B8086FF06CBA7E8997E92765A39DBC4F009526DF1D173B2DE78C1918740

Function 00000001400BA46B Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: std::_$Lockit$Facet_Lockit::_Lockit::~_Register
String ID:
API String ID: 878851027-0
Opcode ID: 05c9756ca55a94fee0e8cf6dcb110af32f95e67250ea224ab44c147b57e48b56
Instruction ID: 32486d7e74b32e51773f77eddbbc574217481eb3a8e095b2166078536ca6cf40
Opcode Fuzzy Hash: 05c9756ca55a94fee0e8cf6dcb110af32f95e67250ea224ab44c147b57e48b56
Instruction Fuzzy Hash: BC71C232700A808AFB16DF77E899BA977B4E35D780F149116EB5D473B1CA78D452DB00

Function 000000014014C6D0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebab5f4f8c9e51713d9ee8408d3ba949b0f8d6f85401be2488fc3170d21a64
Instruction ID: 4bb47287f9f50a8bbfd62fa00ded0d00c4e449a52c4a6aa699b39e1c5f482996
Opcode Fuzzy Hash: d8ebab5f4f8c9e51713d9ee8408d3ba949b0f8d6f85401be2488fc3170d21a64
Instruction Fuzzy Hash: D971E433715BD486EB428F3E944029DBB60F789F98F599226DF8817766DB78C106D310

Function 00000001400A6338 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c909c8cb4e8fbe28a653c4356368169c82b924aa632c90cb2a53cb9801705b43
Instruction ID: fc194077903f946b594179b1d1df6c036cdff4ee53039ba63cba3412bc3aa16e
Opcode Fuzzy Hash: c909c8cb4e8fbe28a653c4356368169c82b924aa632c90cb2a53cb9801705b43
Instruction Fuzzy Hash: 4C61F2B2B11F8085FB059FB7A8557E92371A7ADBC4F405612EF1C173A5DA78D1918340

Function 00000001401680D0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d851812da24bc0b0d770370b46881ec448acb54c167b8a9a7a0e0feb5a8fa6
Instruction ID: 2d1b39ab77e5bfe3c5c9f220e47b8ce4f2cc1abaad7f7ae23b215640f4b0982a
Opcode Fuzzy Hash: f9d851812da24bc0b0d770370b46881ec448acb54c167b8a9a7a0e0feb5a8fa6
Instruction Fuzzy Hash: 0851D1E2710BD496DB18CF86F951AD8A796F39CBC4B81A126DF0D47BA5DB38C294C300

Function 0000000140094292 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccaad1a128448e0b3937710485b472313fe7a14b866f91b3734feb4c07443d29
Instruction ID: 11bf0cb2fddcdef14287f0641f2793fedbfea3356a8c51417a0ef6fa93358166
Opcode Fuzzy Hash: ccaad1a128448e0b3937710485b472313fe7a14b866f91b3734feb4c07443d29
Instruction Fuzzy Hash: 2D61E1F2B10B8485FB1ADFB7E8957E92330A79DBC4F409112AF1C573A5DA78C1918740

Function 000000014006812E Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2507d04d397d3f86023494e817d3e0b01f65456f776049bb8e4ecebb0dec13f1
Instruction ID: dfc25ba7a204ae302b86317d64f40042524488ee31815ae5670ff11073456a2f
Opcode Fuzzy Hash: 2507d04d397d3f86023494e817d3e0b01f65456f776049bb8e4ecebb0dec13f1
Instruction Fuzzy Hash: A8619FB1701B8881EE16CB67EC69BEA7365A75CBC0F509426AF4E173B2DE7CC1818744

Function 000000014014E840 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4bc8f7140d3fdb5243091741ea6753994eb04503e5f0fa99181a920278ef17
Instruction ID: ab36b4f155574f85294cc891d2c78d44ec5d5e466b9e471a8ab3ad3dfb84423e
Opcode Fuzzy Hash: fd4bc8f7140d3fdb5243091741ea6753994eb04503e5f0fa99181a920278ef17
Instruction Fuzzy Hash: F65122623047D486EE568B2695803EEBBE0F749FD4F184122EF990BBE5DA78C151C300

Function 0000000140146300 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e656644bb18dc1076330f93b386154d5e4ef4fbeb896a21223e51bddd7ae85
Instruction ID: 7289a02f4d21d16b1495bc690c50bd8528fee11f8bca7cfc2311a88b9774b040
Opcode Fuzzy Hash: a4e656644bb18dc1076330f93b386154d5e4ef4fbeb896a21223e51bddd7ae85
Instruction Fuzzy Hash: BD51C66321D3D88AD7218BAD7800A5EFFA0E3AA794F484159FBD483F46C67CD525CB21

Function 00000001401481A0 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 781975d71a9463acaf2824a9d98c53edcbfd3e023c8e1c3ee02cf8e00debd206
Instruction ID: ebb477039a85657eb312731975b239569d6d80bf5c76ad83e0856c7660ecd2eb
Opcode Fuzzy Hash: 781975d71a9463acaf2824a9d98c53edcbfd3e023c8e1c3ee02cf8e00debd206
Instruction Fuzzy Hash: 1B51E3637292E49EF7028BBD48006AD7FB0B326744F848199EFD4A3B47C638D621D761

Function 00000001401861F0 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3124b6bf3bfdb526d4dfa36ddbb4f05cc2cc60711eaac1169ee42ed109981db1
Instruction ID: ae61931a1cd62501c5bdc44447cd3e283145227d6220fd6591c01084d31c40e8
Opcode Fuzzy Hash: 3124b6bf3bfdb526d4dfa36ddbb4f05cc2cc60711eaac1169ee42ed109981db1
Instruction Fuzzy Hash: 4851C6537292E49EF7068BBD480029D7FB0B326744B848189EFD4A7B47C638D621D761

Function 000000014003C06C Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9888dae9a29f3cd4e858bf32dbeb829714ad97ae8039a283cb46dc78eac15683
Instruction ID: e5d1f3ba99678e7a42e59f7ac67141b15dfcebe440fcf30665c0f075bc347e17
Opcode Fuzzy Hash: 9888dae9a29f3cd4e858bf32dbeb829714ad97ae8039a283cb46dc78eac15683
Instruction Fuzzy Hash: 296106B571178082EE9ACFA7E854BDA7361BB8DBC0F008122AF19573B5DE7C85519340

Function 00000001400984D6 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdc14c525b91531c000969ae5dcd361f2d2f631b21839cf138d286f01c212353
Instruction ID: ca153a915045050fda6de744b6d3a9a88770d34484862039822a40ddb95a01b1
Opcode Fuzzy Hash: cdc14c525b91531c000969ae5dcd361f2d2f631b21839cf138d286f01c212353
Instruction Fuzzy Hash: 0951EEB1711B4482EA66CFA7E8957E96360FB4DBD0F449926AF5D177F1DA38E0828300

Function 000000014007C08E Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d57b78858d3ee294965e2fc679a62260a4b3558922def1d54bcb9d58a3e4d6b
Instruction ID: 3eb463589c541331138ca3f2a430d19409d9bdc4e9e127f508faaca737ac404c
Opcode Fuzzy Hash: 5d57b78858d3ee294965e2fc679a62260a4b3558922def1d54bcb9d58a3e4d6b
Instruction Fuzzy Hash: 4961CA32A20654C7E646CF67E824FA47764B39DBE4F24520BAF19677F0CE789C818B44

Function 000000014014E340 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33201f347331fbddbc7d844899f88180ea20b6c1e217d844ce279a793cf4297
Instruction ID: f068e19f8b566afed9af0d3405827db3f323b58cecff993f82b561db062719e7
Opcode Fuzzy Hash: d33201f347331fbddbc7d844899f88180ea20b6c1e217d844ce279a793cf4297
Instruction Fuzzy Hash: 6E510562304BD085EB168B36E4503AA6BD0F389FECF494425EF8E47BA9DA78C651C700

Function 000000014015C800 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 074cf1c20920fce8c58ac3a5d540ab97904fe36e562f5956d67358a6b5af0910
Instruction ID: a888c834b4da6e9fe5a894d2936a9fc7970cce0680d054a7dd29dcc5a12f4fc3
Opcode Fuzzy Hash: 074cf1c20920fce8c58ac3a5d540ab97904fe36e562f5956d67358a6b5af0910
Instruction Fuzzy Hash: 0151B873E24BE485F701CB7A98413FC6371F79AB88F149315EF882A9A6EB74D1858340

Function 00000001400B06EE Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b20f23893b942914bf1ca88ef74deee65d28b4e650969502b66af45c44dc697
Instruction ID: 38bc70c930de64b9d49e73cdf472ae46b8ef441e3d7a77ffa42d47d05a976861
Opcode Fuzzy Hash: 7b20f23893b942914bf1ca88ef74deee65d28b4e650969502b66af45c44dc697
Instruction Fuzzy Hash: 8E51BF32700A1186EB5ADF67E9947A573B1B38C798F048126EB5D8B7B4EF38D4A1C300

Function 000000014003C6D2 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753a146b756d345e248320e62c04b25f9c3d795500013348ddad18c9acbdfd28
Instruction ID: 184e91596e5dd3e2a35e51521aff353c1f6f256fb2135625cedde1191ec7b513
Opcode Fuzzy Hash: 753a146b756d345e248320e62c04b25f9c3d795500013348ddad18c9acbdfd28
Instruction Fuzzy Hash: 3C513636711B0482EAA68F17E898BA673A4B748BC4F444026EF4D8B7B4DF7CC562D300

Function 00000001400B6190 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 661511c9d91f79c25704a2aaea72dde34eab9d4a0f912bcd8678a7a3ebcd4bc9
Instruction ID: ba3bc33e4dbaf1ad2a4646c2a0ccb7d41c08c53a75098c3d12770e4ba41c106c
Opcode Fuzzy Hash: 661511c9d91f79c25704a2aaea72dde34eab9d4a0f912bcd8678a7a3ebcd4bc9
Instruction Fuzzy Hash: F951B236B10A508AEB15CF62E999FD87BB4F389784F41911A9E0953BF0DB7DC641CB40

Function 000000014014C3E0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77a888d4f789a72e1374289388ac0f5b4d91068f2cc7d4b1516e6f87d5419e93
Instruction ID: 692a655add78abbcab769fac7fbd40488d651adc060ec79e629ec4d77932cb69
Opcode Fuzzy Hash: 77a888d4f789a72e1374289388ac0f5b4d91068f2cc7d4b1516e6f87d5419e93
Instruction Fuzzy Hash: FD41F627619AD086E7618B26F4507DFBFE0E39A794F05821AEBCC47B95CA3CC049DB10

Function 000000014003C36A Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CriticalSection$Enter$CompletionLeavePostQueuedStatus
String ID:
API String ID: 2028326977-0
Opcode ID: 5e38a2788b2e4f947589ccac50c74ceb1cd5945b8beff6379fee1574feca8ef6
Instruction ID: 7657d01e344d2b4944001230dd30f79fae21d127e6f662ee37b9ddf688324130
Opcode Fuzzy Hash: 5e38a2788b2e4f947589ccac50c74ceb1cd5945b8beff6379fee1574feca8ef6
Instruction Fuzzy Hash: C741B072705B8086E7629B66A854BEA33A0F3597E4F044325EFAD433F5CB78C192C700

Function 000000014009231A Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLastSocket
String ID:
API String ID: 1164164305-0
Opcode ID: 062826edcc03dc448fc7e8355c67d901ce48959271fb1b60847b73350ae9d035
Instruction ID: 3611df095522d9ed9b50568f6fe5f732b6cf7bb26574359dbeecfa1f26b44cec
Opcode Fuzzy Hash: 062826edcc03dc448fc7e8355c67d901ce48959271fb1b60847b73350ae9d035
Instruction Fuzzy Hash: 0941E2B26006408AEB56CF26EC56BA97761B3597D4F019226AE19877F5EA7CC0C1DB00

Function 00000001400905F6 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30c256c193df3740ed514aaddcc9fb027dbbf6429ac1cfc8c1ca788896d5a62
Instruction ID: 9828a286ca93d582a086344f786e28b82a86fa01a6d8244824c21503ffed5961
Opcode Fuzzy Hash: d30c256c193df3740ed514aaddcc9fb027dbbf6429ac1cfc8c1ca788896d5a62
Instruction Fuzzy Hash: B541B4B1740A5C81E6828FE7A918FC57762736DBF8F115603BE28677F4DE7C8581AA00

Function 00000001401441A2 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5405b4e0e57eb204affa9bcf8e69b68c2a92f2b8ad65b9a92880338d03dd839
Instruction ID: 1f7aa77eeaf5138375530d2273ae09fa686f0a3a1d601de84b34171742c2ad9b
Opcode Fuzzy Hash: f5405b4e0e57eb204affa9bcf8e69b68c2a92f2b8ad65b9a92880338d03dd839
Instruction Fuzzy Hash: D1318F13A0D2E84DE307CBBE141455E7EE4E2B2A84749C59ADAD2BB79BC438C206D721

Function 00000001400804BA Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7429d7c350231813ea64e86d3126d20b6d94d4e9d23b3bc311560dc120b6982b
Instruction ID: 3f02ff033d9e5486175494bd896f518b18879da4d68f4979b578a74bd32781d7
Opcode Fuzzy Hash: 7429d7c350231813ea64e86d3126d20b6d94d4e9d23b3bc311560dc120b6982b
Instruction Fuzzy Hash: E43169B1720B4486EA068BA7EC45BC577A4F79CBC0F205036AE0C577B5DE78D2A1CB80

Function 0000000140012554 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1b0b7440aafb604d940a983cba3a249a4c3bd1b46f3fd3eb1ca7381870df43
Instruction ID: bf81c70fc0c98fd03f31489c1a11ffeef2c24d1c26d001dd4961750c4f5b99d4
Opcode Fuzzy Hash: 6f1b0b7440aafb604d940a983cba3a249a4c3bd1b46f3fd3eb1ca7381870df43
Instruction Fuzzy Hash: 7431A2B0B1478041FE2A9BB7E559BEE6322AB5CBC0F049416BF491B3F6DE7CD1918250

Function 000000014001E5CA Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f095f73c5bb8e7035a7ddc0e2a9caacdb2cbe3b05781072e3f42fb4f3010275
Instruction ID: a0983a652f97df0cea6ba095d650ae8d4bcfd2cb45109b5113db2fd651f866f3
Opcode Fuzzy Hash: 4f095f73c5bb8e7035a7ddc0e2a9caacdb2cbe3b05781072e3f42fb4f3010275
Instruction Fuzzy Hash: 76314AB070569481FE5ACBAFBC697E527A1A75DBE0F0094239E4E6B3B2DD7DC1408244

Function 00000001401446D7 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd2761c6a9a7828210fb76f536e7bfe686f0c96a374001cb66530293e75c905
Instruction ID: d3d9d026ddb2814b4db846cf4acb6dbf8bf700c513318cc4f4bf041602d957d7
Opcode Fuzzy Hash: 9dd2761c6a9a7828210fb76f536e7bfe686f0c96a374001cb66530293e75c905
Instruction Fuzzy Hash: 3721931321A2D88BE7034B7C590178D6E60A36ABC8FC98256DF89EB757C438C549C363

Function 000000014014619E Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2975ccf8acf380fab0ec699655ce61fc03ff2caba4dbd2e5249b27a8b475aac6
Instruction ID: c5460a85eac216318917f1c8eb96e543d81a7ef0745f15347c89988bdbad4a6f
Opcode Fuzzy Hash: 2975ccf8acf380fab0ec699655ce61fc03ff2caba4dbd2e5249b27a8b475aac6
Instruction Fuzzy Hash: E321752371A6C48BE3128F6D584138DBF24A3667D4F85854BCFC5A7397C938D58AC362

Function 0000000140144401 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d53f1cacecc6667c6fd4c368709b4b7bb06c82ba3e5cb2869f68f0e02d02551e
Instruction ID: b421a22872b8c14c52c8b231db1a38aaf975fd112edacaea8653d40d9de9a16a
Opcode Fuzzy Hash: d53f1cacecc6667c6fd4c368709b4b7bb06c82ba3e5cb2869f68f0e02d02551e
Instruction Fuzzy Hash: 0A11440361A3D88A930B8B7C5D08D0E6E98E277AD838ED559CA85EB757C038C555C372

Function 0000000140074420 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34179f86df402b82511f0091e13cae6713a6d59614f70e7203e03f2f5b8b82d4
Instruction ID: eeb39d83ed75a694651d189fa5d1dbe2659a60b3e409e0caf5d61b67e283c91c
Opcode Fuzzy Hash: 34179f86df402b82511f0091e13cae6713a6d59614f70e7203e03f2f5b8b82d4
Instruction Fuzzy Hash: 7E211F727041608FE756CBBBEC88FD277D2A399345F18C125AA05973B4EABC9881DF41

Function 0000000140074150 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f74138037000ac718c2c67716eb6269828410e1e821a6679b070534692e118c5
Instruction ID: 080bc22506f990e202885b78fb00a10214e1bfed16693969c13d80f83d880280
Opcode Fuzzy Hash: f74138037000ac718c2c67716eb6269828410e1e821a6679b070534692e118c5
Instruction Fuzzy Hash: 812160B17141618BE716CFABEC98FD1B7D6E358340F498226EA01973B4DABC9881CF10

Function 0000000140076230 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2afec8eae6813d3e9d613ac8db8616558ffa10f49073123d66bb8066bdeeacc
Instruction ID: 85e62936d191b972380fa6fbda97c7bd99fdba2a0b249fbcf6f2a99ad99b29f7
Opcode Fuzzy Hash: c2afec8eae6813d3e9d613ac8db8616558ffa10f49073123d66bb8066bdeeacc
Instruction Fuzzy Hash: E72172717045504BE756CB7BEA88FC577E2A35C341F44C12BAA05973B6DAF89881CF40

Function 000000014011E150 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e472e5b6bf6e0eb973615e70a08452233368c034746ab5f086d19cb174700e76
Instruction ID: 2bb55f03c6343fe57df7bf24c00f2f130b7446feee0be582badf1145775404b3
Opcode Fuzzy Hash: e472e5b6bf6e0eb973615e70a08452233368c034746ab5f086d19cb174700e76
Instruction Fuzzy Hash: 7FA00236109C00D4E64E8B42E8A17D02378E39CB01F408115D20A46470DF38C440D300

Function 00000001400D82C8 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 52libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00000001400D82DE
GetModuleHandleW.KERNEL32 ref: 00000001400D82EB
GetModuleHandleW.KERNEL32 ref: 00000001400D8300
GetProcAddress.KERNEL32 ref: 00000001400D8318
GetProcAddress.KERNEL32 ref: 00000001400D832B
CreateEventW.KERNEL32 ref: 00000001400D8357

Strings

kernel32.dll, xrefs: 00000001400D82F9
WakeAllConditionVariable, xrefs: 00000001400D831E
SleepConditionVariableCS, xrefs: 00000001400D830E
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00000001400D82E4

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: AddressHandleModuleProc$CountCreateCriticalEventInitializeSectionSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 4003212759-3242537097
Opcode ID: b3775c5b7d8ccb65a2cc3f43960c2e30c81ff0aeaa7395656332f011401618f2
Instruction ID: 2e4095a0c32286ecf55e0cd5e999d7ae937dd5a8cd91e77fc6841be53f3e9afe
Opcode Fuzzy Hash: b3775c5b7d8ccb65a2cc3f43960c2e30c81ff0aeaa7395656332f011401618f2
Instruction Fuzzy Hash: 4B21F930215B0191FE279B62F855BE923A1AF4DF90F984429AF1E476F1EE78C55AC320

Function 00000001401B8724 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 259COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001401B874C
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00000001401B8834
__except_validate_context_record.LIBVCRUNTIME ref: 00000001401B8986

Strings

csm, xrefs: 00000001401B8886
csm, xrefs: 00000001401B89AB
csm, xrefs: 00000001401B876E
MZx, xrefs: 00000001401B89ED

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Frame__except_validate_context_record$EmptyHandler3::StateUnwind
String ID: MZx$csm$csm$csm
API String ID: 482329946-2572334722
Opcode ID: f2dbae3c03017e92c6fc150fe2af382e83fb2e11c0e9caa0d6bf5d701d2e0655
Instruction ID: f2903bdd07c0098db7c8af5e58729b5ff8c37e268f671e188e1ccadf1123bf80
Opcode Fuzzy Hash: f2dbae3c03017e92c6fc150fe2af382e83fb2e11c0e9caa0d6bf5d701d2e0655
Instruction Fuzzy Hash: F8B19132200A808AEB668F27D5947AD7BB0F359F89F149116DF9847BE6CB38D4A1C741

Function 00000001401C86C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000001401C8745
GetLastError.KERNEL32 ref: 00000001401C8753
LoadLibraryExW.KERNEL32 ref: 00000001401C877D
FreeLibrary.KERNEL32 ref: 00000001401C87C3
GetProcAddress.KERNEL32 ref: 00000001401C87CF

Strings

api-ms-, xrefs: 00000001401C8765
MZx, xrefs: 00000001401C86DE, 00000001401C878E, 00000001401C87AC

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: 55563bc3a79f93bf70271082ca9e65adb4758254beead3cb74a94b9a663de654
Instruction ID: edd38084308cb40bb03f7737ce0f7fc65c7d6d44ba2d0fa8a191b04106349241
Opcode Fuzzy Hash: 55563bc3a79f93bf70271082ca9e65adb4758254beead3cb74a94b9a663de654
Instruction Fuzzy Hash: AC318E3521AB8095FE139B13A850BE97394BB4CFA4F6A0529EF1E0B7A5EF38D445C300

Function 00000001401C61C8 Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401C65FE

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 80e3c1eecb25ec81a6638359cb912ade2063091250e21225830b3969473aa6fa
Instruction ID: 41bb734d722f2e065c9da7270c28370c0e0703985d7d9f51cd925566c6763535
Opcode Fuzzy Hash: 80e3c1eecb25ec81a6638359cb912ade2063091250e21225830b3969473aa6fa
Instruction Fuzzy Hash: 4CC1DF32608B8486EB629F2794483EE7BA1F399FC4F554111EB8A077F5CE78C896C700

Function 00000001401B66E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 158COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401B6759
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B67A9
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B67F1
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B6829
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B689E

Strings

MZx, xrefs: 00000001401B6704

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: MZx
API String ID: 3215553584-2575928145
Opcode ID: c6073e2160b03ec95e7ef8f8285cc947f7c03c4af799b3c0e001651582bca616
Instruction ID: a0d3ee0621beb2a4f131d089222db80da5f44a3321bacfd463612e7f4206e012
Opcode Fuzzy Hash: c6073e2160b03ec95e7ef8f8285cc947f7c03c4af799b3c0e001651582bca616
Instruction Fuzzy Hash: 5C515132904F4486EB639F36A4A03ED3BF1A769F48F598411DB88473A6CB3DC856C712

Function 00000001401B60D4 Relevance: 9.4, APIs: 6, Instructions: 411COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401B610A
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B61C5

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fd06a5c3441736b718d9918243067c56e7e1c5b00f1ff184e518c75b66b1c24e
Instruction ID: cd083cb34bbdba172d41f39c3abc0d8c0b940a3956a8176d93e2aab2ac6b736a
Opcode Fuzzy Hash: fd06a5c3441736b718d9918243067c56e7e1c5b00f1ff184e518c75b66b1c24e
Instruction Fuzzy Hash: 93E1B272A05E8489F7628F3BD5903ED3BB5A379F84F848012DB99477A6D73DC8698700

Function 000000014012C7E0 Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 302COMMON

Download Yara Rule

APIs

Part of subcall function 00000001401AF770: GetSystemTimeAsFileTime.KERNEL32 ref: 00000001401AF784

SetLastError.KERNEL32 ref: 000000014012C81E

Strings

.\ssl\d1_srvr.c, xrefs: 000000014012D4C5
.\ssl\d1_srvr.c, xrefs: 000000014012C8A7
MZx, xrefs: 000000014012C90D, 000000014012D283, 000000014012D297, 000000014012D2CC, 000000014012D2EE
.\ssl\d1_srvr.c, xrefs: 000000014012D461
.\ssl\d1_srvr.c, xrefs: 000000014012D49C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: Time$ErrorFileLastSystem
String ID: .\ssl\d1_srvr.c$.\ssl\d1_srvr.c$.\ssl\d1_srvr.c$.\ssl\d1_srvr.c$MZx
API String ID: 2781989572-400045972
Opcode ID: 1a18205f4d730450236bd8ec17cbb5567fb501f32e43a37d55e50177d4c14304
Instruction ID: 9123eee6e92b63c8483628895463ea7a85985c2a0ad9287a34e39cd484ceef71
Opcode Fuzzy Hash: 1a18205f4d730450236bd8ec17cbb5567fb501f32e43a37d55e50177d4c14304
Instruction Fuzzy Hash: 9CD19CB630438497EB6A9B27D6903EE37A5F748B84F408129DB0957BE1DF38D4A5CB40

Function 00000001401BA180 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00000001401BA1F0
_CallSETranslator.LIBVCRUNTIME ref: 00000001401BA23B

Strings

MOC, xrefs: 00000001401BA204
MZx, xrefs: 00000001401BA29E, 00000001401BA3A8
RCC, xrefs: 00000001401BA20C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$MZx$RCC
API String ID: 3544855599-2476776655
Opcode ID: d6ac54efc11526ed26bd60b48cff3ac9cca359ca0c1f082651d4bc800acdc6f9
Instruction ID: cae2ff4dddde9761609fef20366290691ded3f58fe9f4a5e62bd8dc6aeb22aca
Opcode Fuzzy Hash: d6ac54efc11526ed26bd60b48cff3ac9cca359ca0c1f082651d4bc800acdc6f9
Instruction Fuzzy Hash: 2B918A73614B948AE752DB66E8807DD7BB0F348B88F54411AEF8917B69DB38C1A5CB00

Function 00000001401B6584 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401B65FD
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B6662
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B669E
_invalid_parameter_noinfo.LIBCMT ref: 00000001401B66CF

Strings

MZx, xrefs: 00000001401B659C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: MZx
API String ID: 3215553584-2575928145
Opcode ID: f4aede75a89ba99e93673ca31562a42cfb055db8b043cb0ad8e768c3581c8f31
Instruction ID: 40e2c4c2f856518b65a9d6f518b2d3bd7b5a42956c0941dcee043e0194b49c2b
Opcode Fuzzy Hash: f4aede75a89ba99e93673ca31562a42cfb055db8b043cb0ad8e768c3581c8f31
Instruction Fuzzy Hash: F5416A72904F848AEB539F32D4503ED3FE4A769F48F488051DB884736ADA3EC855CB12

Function 00000001401BE790 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 183COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001401BE7D3

Strings

-, xrefs: 00000001401BE9B4
e+000, xrefs: 00000001401BE878
gfff, xrefs: 00000001401BE8F5

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$e+000$gfff
API String ID: 3215553584-2620144452
Opcode ID: 604e7b26588fccabe1ec2bb6712a4c43f01239f963167868985b51662e03b519
Instruction ID: dc31f6af121b93fd9b96d7951fee6147264650121b2cfbd2b669fb9438bff515
Opcode Fuzzy Hash: 604e7b26588fccabe1ec2bb6712a4c43f01239f963167868985b51662e03b519
Instruction Fuzzy Hash: 2571C572714BC486E7668F36E4813997BE1F749F90F489225DBA84BBE5DB39C444CB00

Function 00000001400CE820 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00000001400CE85C

Part of subcall function 00000001401B06CC: _invalid_parameter_noinfo.LIBCMT ref: 00000001401B06E0

GetLastError.KERNEL32 ref: 00000001400CE871

Strings

.\crypto\bio\bss_file.c, xrefs: 00000001400CE8A3
.\crypto\bio\bss_file.c, xrefs: 00000001400CE887

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorLast_fread_nolock_invalid_parameter_noinfo
String ID: .\crypto\bio\bss_file.c$.\crypto\bio\bss_file.c
API String ID: 2776912817-1149555676
Opcode ID: 3ab90a30a8fefab578a4e06f35633d54c02f26d5f8d40131059adc7d3bc8f722
Instruction ID: f75203bf44c49426e714ad67246f17e548da03b3678b3680bd40bc177eb6d235
Opcode Fuzzy Hash: 3ab90a30a8fefab578a4e06f35633d54c02f26d5f8d40131059adc7d3bc8f722
Instruction Fuzzy Hash: FA11CEB230564583EB229B62D4043DA73A1FB89BC4F140121FF4847BE6DF79CA96CB40

Function 00000001401BC328 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 282COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00000001401BC4B9
_get_daylight.LIBCMT ref: 00000001401BC548

Part of subcall function 00000001401BBB48: _invalid_parameter_noinfo.LIBCMT ref: 00000001401BBB5C

Strings

MZx, xrefs: 00000001401BC352, 00000001401BC626

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: MZx
API String ID: 1286766494-2575928145
Opcode ID: 07c2258919fede893274977ec82d723454e1b4bdd776db322a451534ed4cadc6
Instruction ID: 7372f53300267da3fb6a0a829e4cbcb5d253e5dc6ac86e8b1fa802174fc279fa
Opcode Fuzzy Hash: 07c2258919fede893274977ec82d723454e1b4bdd776db322a451534ed4cadc6
Instruction Fuzzy Hash: 78D1F4726209908BE76A8F16E855FE9B7B5F3ACB40F11511AEB5187AF0D778D840CF00

Function 00000001401C6620 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 218fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00000001401C66F9
GetLastError.KERNEL32 ref: 00000001401C68F8

Strings

MZx, xrefs: 00000001401C6638, 00000001401C6718, 00000001401C679B, 00000001401C67A6, 00000001401C690C

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: MZx
API String ID: 1948546556-2575928145
Opcode ID: 1055013332ae208d7a947974631bc77ce76a3c5d50620b0cdd3a0cca26033f08
Instruction ID: 32313fbf61f5209045a904fb57c353e6e7930ff37dcee81c491571f1c95c9af6
Opcode Fuzzy Hash: 1055013332ae208d7a947974631bc77ce76a3c5d50620b0cdd3a0cca26033f08
Instruction Fuzzy Hash: 5A91F53261C7C895EB639B3694483EC7B91B35DF98F588612DB9A476E5CA38C04AC302

Function 00000001401C46E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00000001401C4728
GetCurrentDirectoryW.KERNEL32 ref: 00000001401C477A

Strings

:, xrefs: 00000001401C473E

Memory Dump Source

Source File: 00000000.00000002.3306101296.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.3306086462.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306309089.000000014024D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306327950.000000014024E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306349633.000000014024F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306373210.0000000140251000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306391840.0000000140252000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306409002.0000000140253000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306444297.000000014025D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306468151.000000014025F000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306484996.0000000140269000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306510736.000000014026A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306529256.0000000140270000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306551605.0000000140271000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306578121.0000000140292000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306602932.0000000140294000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306660248.00000001402C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306742538.00000001402C1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3306766728.00000001402C2000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_5BL9UfLKF4.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: d7a2727478aa5193ff5ae1ecdf8a8c9af6f8bfa62cef303da71ab4377b37ae2c
Instruction ID: 65692b4c69e62a45817e626b28b2422dbe30e13400c0896a6f0d7707c45ebd10
Opcode Fuzzy Hash: d7a2727478aa5193ff5ae1ecdf8a8c9af6f8bfa62cef303da71ab4377b37ae2c
Instruction Fuzzy Hash: E421AD3221868082FB229B12D44439E73F2F78CF84F458025DB89436A8DFBCC9858B51

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 5BL9UfLKF4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: 5BL9UfLKF4.exePID: 368, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: 5BL9UfLKF4.exePID: 368, Parent PID: 1028COMMON

Execution Graph

Graph

Executed Functions

Function 0000000140178120 Relevance: 135.2, APIs: 48, Strings: 29, Instructions: 482libraryloadermemoryCOMMON

Windows Analysis Report
5BL9UfLKF4.exe

Function 0000000140178120 Relevance: 135.2, APIs: 48, Strings: 29, Instructions: 482
libraryloadermemoryCOMMON

Function 0000000140139AA0 Relevance: 14.1, Strings: 11, Instructions: 391
COMMON

Function 00000001400011E6 Relevance: 13.0, APIs: 8, Instructions: 990
COMMON

Function 0000000140139AC0 Relevance: 12.9, Strings: 10, Instructions: 376
COMMON

Function 00000001400016B8 Relevance: 12.7, APIs: 8, Instructions: 743
COMMON

Function 0000000140001836 Relevance: 12.7, APIs: 8, Instructions: 700
COMMON

Function 0000000140001002 Relevance: 11.3, APIs: 7, Instructions: 782
COMMON

Function 000000014007792F Relevance: 5.9, APIs: 3, Instructions: 1414
COMMON

Function 00000001400810AC Relevance: 5.1, APIs: 3, Instructions: 590
networkCOMMON