Edit tour

Windows Analysis Report
6uxhmwu2e4.exe

Overview

General Information

Sample name:	6uxhmwu2e4.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	1fc8050bdf299c760f99b66afa2ef9ddbd2478ed8393a49874736302eb284066
Analysis ID:	1417477
MD5:	292abe12662d082106d33cc968a07271
SHA1:	d1f2b3f81bcd7d91c87ab56953ca600881472b18
SHA256:	1fc8050bdf299c760f99b66afa2ef9ddbd2478ed8393a49874736302eb284066

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

.NET source code references suspicious native API functions

Machine Learning detection for sample

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to query CPU information (cpuid)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w7x64

6uxhmwu2e4.exe (PID: 2724 cmdline: "C:\Users\user\Desktop\6uxhmwu2e4.exe" MD5: 292ABE12662D082106D33CC968A07271)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 6uxhmwu2e4.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 6uxhmwu2e4.exe	ReversingLabs: Detection: 100%
Source: 6uxhmwu2e4.exe	Virustotal: Detection: 84%			Perma Link

Machine Learning detection for sample

Source: 6uxhmwu2e4.exe

Joe Sandbox ML: detected

Source: 6uxhmwu2e4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 6uxhmwu2e4.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\projects\raven-csharp\build\obj\Release\net35\SharpRaven.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Engine\obj\Release\Avira.Spotlight.Bootstrapper.Engine.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdbK source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Reactive\obj\Release\Avira.Spotlight.Bootstrapper.Reactive.pdb> source: 6uxhmwu2e4.exe
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Common\obj\Release\ProductLabel.Common.pdbkw source: 6uxhmwu2e4.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net35\Microsoft.Win32.TaskScheduler.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\dd\WPFOOB_1\src\WindowChrome\Microsoft.Windows.Shell\obj\Release\Microsoft.Windows.Shell.pdb(j source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.MefAttributedModel.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Mixpanel\Avira.Common.Mixpanel\obj\Release\net35\Avira.Common.Mixpanel.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Common\obj\Release\ProductLabel.Common.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIocAttributes.pdbSHA256C source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.Common.Guards\obj\Release\net35\Avira.Common.Guards.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.FileDownloader\obj\Release\net35\Avira.FileDownloader.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\SRC\endpoint-protection-sdk1\BuildOutput\Bin\Win32\Release\ACSSigned.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIocAttributes.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.FileDownloader\obj\Release\net35\Avira.FileDownloader.pdbSHA2562 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Logging\obj\Release\Avira.Spotlight.Bootstrapper.Logging.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.Common.Guards\obj\Release\net35\Avira.Common.Guards.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Mixpanel\Avira.Common.Mixpanel\obj\Release\net35\Avira.Common.Mixpanel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Avira\obj\Release\ProductLabel.pdbG source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.ReportingTool\obj\Release\Avira.Spotlight.Bootstrapper.ReportingTool.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Avira\obj\Release\ProductLabel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper\obj\Release\Avira.Spotlight.Bootstrapper.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Core\obj\Release\Avira.Spotlight.Bootstrapper.Core.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.MefAttributedModel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Reactive\obj\Release\Avira.Spotlight.Bootstrapper.Reactive.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net35\Microsoft.Win32.TaskScheduler.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Runner\obj\Release\Avira.Spotlight.Bootstrapper.Runner.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\dd\WPFOOB_1\src\WindowChrome\Microsoft.Windows.Shell\obj\Release\Microsoft.Windows.Shell.pdb source: 6uxhmwu2e4.exe

Source: 6uxhmwu2e4.exe	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://james.newtonking.com/projects/json
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.entrust.net02
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.entrust.net03
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp.thawte.com0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://sentry-dsn.invalid
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.entrust.net/rpa0
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.entrust.net/rpa03
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.fontfont.comhttp://www.fontfont.com/licensing-web
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.fontfont.comhttp://www.fontfont.com/licensing-web2009
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html2009
Source: 6uxhmwu2e4.exe	String found in binary or memory: http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.htmlKievit
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://api.mixpanel.com/
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://api.my.avira.com7https://api.oeacc.avira.com
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://beta.avira.com/download/Ohttp://download-acc.avira.org/download/
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://cdn-download.securebrowser.com/avira/avira_secure_browser_setup.exe
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://clients2.google.com/service/update2/crxmHKEY_LOCAL_MACHINE
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://dispatch.avira-update.com/
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://download.avira.com/download/IEndpointProtectionConfiguration.json5Creating
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/de/articles/360003162153-Deinstallation-von-Avira-f
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/de/articles/360003958298-Issues-with-the-installation-
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/de/sections/360003574777-Installation-Konfiguration-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/en-us
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/en-us/articles/360003077114-How-do-I-remove-an-Avira-browser-extension-
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/en-us/articles/360003162153-Uninstallation-of-Avira-for-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/fr/articles/360003162153-D
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/fr/sections/360003574777-Installation-et-configuration-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/it/articles/360003162153-Disinstallazione-di-Avira-per-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://support.avira.com/hc/it/sections/360003574777-Installazione-e-configurazione-Windows
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://testing.update-bridge.avira.net
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/de/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/de/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/de/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/1766
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/en/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/en/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/en/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/es/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/es/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/es/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/fr/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/fr/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/fr/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/it/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/it/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/it/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ja/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ja/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ja/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/nl/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/nl/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/nl/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/pt-br/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/pt-br/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/pt-br/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ru/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ru/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/ru/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/tr/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/tr/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/tr/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-cn/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-cn/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-cn/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-tw/end-user-license-agreement-terms-of-use
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-tw/general-privacy
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.avira.com/zh-tw/legal-terms
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.entrust.net/rpa0
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.getsentry.com
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.getsentry.com.
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.google-analytics.com/
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.google-analytics.com/collect
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.google-analytics.com/mp/collect?api_secret=MZl7w2XLQ4W8j2oFw1wZwA&measurement_id=G-LKJ0G
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe

Memory allocated: 770B0000 page execute and read and write

Jump to behavior

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013E30E9	0_2_013E30E9
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013CC370	0_2_013CC370
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013D9369	0_2_013D9369
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013DE710	0_2_013DE710
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013E96B4	0_2_013E96B4
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013A6DB3	0_2_013A6DB3
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013D6F10	0_2_013D6F10
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013E7F10	0_2_013E7F10
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013CFFF9	0_2_013CFFF9
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013A6E42	0_2_013A6E42
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013D4EDF	0_2_013D4EDF
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013D50A6	0_2_013D50A6

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: String function: 013CAB5C appears 142 times
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: String function: 013CB3A0 appears 59 times
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: String function: 013CAB8F appears 134 times

Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: 6uxhmwu2e4.exe	Static PE information: Resource name: BIN type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000019CC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Logging.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDryIoc.dll. vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDryIoc.MefAttributedModel.dllT vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDryIocAttributes.dllB vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Windows.Shell.dllP vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSharpRaven.dll6 vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Common.Mixpanel.dllL vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Common.Guards.dllH vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameACSSigned.exeJ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000019A1000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Runner.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: GetOriginalFileNameFromDownload vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.FileDownloader.dllJ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: <OriginalFileName>k__BackingField vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: get_OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: set_OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: originalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001614000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332871738.00000000013F3000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: FremoveSoftware\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}bootstrapperRebootPendingBootstrapperInstallationStartDateAvira.Spotlight.Bootstrapper.RebootPendingFailed to get Windows DirectoryTempApplications\Avira.Spotlight.Bootstrapper.exeNoStartPageAviraFallbackUpdaterAvira.Spotlight.FallbackUpdater@abff403a-9b56-48e6-8753-10fb19692501Global\Avira.Security.Updater@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.FallbackUpdater.Avira\Security\Logs\Elevated\Fallback updater mode, running as a serviceRegistering service control handler failedStarting serviceAnother instance is already running, stoppingService startedReport service status stoppedWaiting for delay to elapseGetting updater mutex failedWaiting for updater process to elapseWait for updater process doneWait for updater process timeout exceeded, continue anywaysExtracting resourcesRunning bootstrapper in update modeAction=Update Silent=trueAvira.Spotlight.Bootstrapper.exeFailed to start bootstrapper processBootstrapper process exitedReporting service status failed: Delayed=falsevector too longcopyAviraMigrationCleanupAvira.Spotlight.MigrationCleanup@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.MigrationCleanup.Migration cleanup mode, running as a serviceStopEventWrapper not valid.Running bootstrapper in migration cleanup modeAction=CleanupAvirastMigration Silent=trueStopEvent not valid.Avira\Migration Cleanup\\?\\\?\UNC\\\?\GLOBALROOTcanonicalkernel32.dllSetDefaultDllDirectoriesPreparing to execute installer from temp folder to temp folder...Copying uninstaller from Marking temp folder to be deleted after reboot with parameters: Starting Bootstrapper from temp folder: Exception on starting bootstrapper from temp folderActionAction=InstallAction=UninstallAction=RepairAction=RegisterUninstallerAction=PerformMigrationAction=RegisterFallbackUpdaterAction=RemoveFallbackUpdaterAction=CleanupAvirastMigrationAction=PerformAvirastMigrationAvira_Security_Installation" Error creating scheduled taskRunMode=ResumeAvira.Spotlight.Bootstrapper.Runner.exeAvira.Spotlight.Bootstrapper.Runner.exe.configError preparing installation scheduled taskAvira.Spotlight.Bootstrapper.ReportingTool.exe" Avira_Spotlight_Bootstrapper_*.log bootstrapper " /TrackUnsentEventsAndCleanup /TrackUnsentEventsOriginalFileName= OriginalFileName=Failed to run bootstrapper appFailed to open current process' token.SeShutdownPrivilegeFailed to look up shutdown privilege.Failed to set shutdown privilege.Failed to initiate reboot.Exception during handling operation resultBootstrapper operation result: ConfigurationOverride=/verysilentSilent=trueReplaced /verysilent cmdline argument with Silent=true/norestartRemoved /norestart cmdline argument/suppressmsgboxesRemoved /suppressmsgboxes cmdline argumentFallbackUpdater=trueCleanupAvirastMigration=trueCommand line arguments: ExecuteFromTemp=trueUnpackInCurrentDirectory=trueRunModeRunMode=DefaultAllowMultipleInstances=trueAvira.Spotlight.Bootstrapper.PresetupException during sch
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000015B7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameProductLabel.Common.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000016E3000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Engine.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Core.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000019BA000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.0000000001717000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Reactive.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.ReportingTool.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameavira.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: get_OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.000000000198C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameProductLabel.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.000000000198C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe, 00000000.00000000.332877294.00000000019E6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: FremoveSoftware\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}bootstrapperRebootPendingBootstrapperInstallationStartDateAvira.Spotlight.Bootstrapper.RebootPendingFailed to get Windows DirectoryTempApplications\Avira.Spotlight.Bootstrapper.exeNoStartPageAviraFallbackUpdaterAvira.Spotlight.FallbackUpdater@abff403a-9b56-48e6-8753-10fb19692501Global\Avira.Security.Updater@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.FallbackUpdater.Avira\Security\Logs\Elevated\Fallback updater mode, running as a serviceRegistering service control handler failedStarting serviceAnother instance is already running, stoppingService startedReport service status stoppedWaiting for delay to elapseGetting updater mutex failedWaiting for updater process to elapseWait for updater process doneWait for updater process timeout exceeded, continue anywaysExtracting resourcesRunning bootstrapper in update modeAction=Update Silent=trueAvira.Spotlight.Bootstrapper.exeFailed to start bootstrapper processBootstrapper process exitedReporting service status failed: Delayed=falsevector too longcopyAviraMigrationCleanupAvira.Spotlight.MigrationCleanup@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.MigrationCleanup.Migration cleanup mode, running as a serviceStopEventWrapper not valid.Running bootstrapper in migration cleanup modeAction=CleanupAvirastMigration Silent=trueStopEvent not valid.Avira\Migration Cleanup\\?\\\?\UNC\\\?\GLOBALROOTcanonicalkernel32.dllSetDefaultDllDirectoriesPreparing to execute installer from temp folder to temp folder...Copying uninstaller from Marking temp folder to be deleted after reboot with parameters: Starting Bootstrapper from temp folder: Exception on starting bootstrapper from temp folderActionAction=InstallAction=UninstallAction=RepairAction=RegisterUninstallerAction=PerformMigrationAction=RegisterFallbackUpdaterAction=RemoveFallbackUpdaterAction=CleanupAvirastMigrationAction=PerformAvirastMigrationAvira_Security_Installation" Error creating scheduled taskRunMode=ResumeAvira.Spotlight.Bootstrapper.Runner.exeAvira.Spotlight.Bootstrapper.Runner.exe.configError preparing installation scheduled taskAvira.Spotlight.Bootstrapper.ReportingTool.exe" Avira_Spotlight_Bootstrapper_*.log bootstrapper " /TrackUnsentEventsAndCleanup /TrackUnsentEventsOriginalFileName= OriginalFileName=Failed to run bootstrapper appFailed to open current process' token.SeShutdownPrivilegeFailed to look up shutdown privilege.Failed to set shutdown privilege.Failed to initiate reboot.Exception during handling operation resultBootstrapper operation result: ConfigurationOverride=/verysilentSilent=trueReplaced /verysilent cmdline argument with Silent=true/norestartRemoved /norestart cmdline argument/suppressmsgboxesRemoved /suppressmsgboxes cmdline argumentFallbackUpdater=trueCleanupAvirastMigration=trueCommand line arguments: ExecuteFromTemp=trueUnpackInCurrentDirectory=trueRunModeRunMode=DefaultAllowMultipleInstances=trueAvira.Spotlight.Bootstrapper.PresetupException during sch
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameavira.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: get_OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.ReportingTool.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Runner.exe> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: GetOriginalFileNameFromDownload vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.FileDownloader.dllJ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: <OriginalFileName>k__BackingField vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: set_OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: originalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFileName vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Core.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Engine.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Reactive.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.Logging.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameDryIoc.dll. vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameDryIoc.MefAttributedModel.dllT vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameDryIocAttributes.dllB vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameMicrosoft.Windows.Shell.dllP vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameSharpRaven.dll6 vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Common.Mixpanel.dllL vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Common.Guards.dllH vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameACSSigned.exeJ vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameProductLabel.Common.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameProductLabel.dll> vs 6uxhmwu2e4.exe
Source: 6uxhmwu2e4.exe	Binary or memory string: OriginalFilenameAvira.Spotlight.Bootstrapper.resources.dll@ vs 6uxhmwu2e4.exe

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Section loaded: wow64win.dll			Jump to behavior
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Section loaded: wow64cpu.dll			Jump to behavior

Source: 6uxhmwu2e4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, FallbackUpdaterScheduledTask.cs	Task registration methods: 'Create'
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, IWindowsTaskScheduler.cs	Task registration methods: 'CreateTask'
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, WindowsTaskScheduler.cs	Task registration methods: 'CreateEmptyTaskDefinition', 'CreateTask'
Source: 0.2.6uxhmwu2e4.exe.1435d18.7.raw.unpack, MainWindowHelper.cs	Task registration methods: 'TryCreateTaskbarItemInfo'
Source: 0.0.6uxhmwu2e4.exe.1435d18.3.raw.unpack, MainWindowHelper.cs	Task registration methods: 'TryCreateTaskbarItemInfo'

Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, DiskUsageInfoProvider.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, FileSystemUtils.cs	Security API names: Directory.GetAccessControl
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, FileSystemUtils.cs	Security API names: Directory.SetAccessControl
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, FileSystemUtils.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, FileSystemUtils.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, FileSystemUtils.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)

Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, ContainerTools.cs	Suspicious method names: .ContainerTools.InjectPropertiesAndFields
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, TrackingPayload.cs	Suspicious method names: .TrackingPayload.ToV3Request
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, TrackingPayload.cs	Suspicious method names: .TrackingPayload.ToV4Request
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, TrackingPayload.cs	Suspicious method names: .PayloadStringBuilder.Add
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, FeedbackPayloadBuilder.cs	Suspicious method names: .FeedbackPayloadBuilder.BuildPayload
Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, Container.cs	Suspicious method names: .Container.InjectPropertiesAndFields
Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, PropertiesAndFields.cs	Suspicious method names: .PropertiesAndFields.IsInjectable
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, IFeedbackPayloadBuilder.cs	Suspicious method names: ..BuildPayload
Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, IResolverContext.cs	Suspicious method names: ..InjectPropertiesAndFields
Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, Rules.cs	Suspicious method names: .Rules.WithMicrosoftDependencyInjectionRules
Source: 0.2.6uxhmwu2e4.exe.174da80.18.raw.unpack, Rules.cs	Suspicious method names: .Rules.SetMicrosoftDependencyInjectionRules

Source: classification engine

Classification label: mal64.evad.winEXE@1/0@0/0

Source: 6uxhmwu2e4.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 6uxhmwu2e4.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: 6uxhmwu2e4.exe	ReversingLabs: Detection: 100%
Source: 6uxhmwu2e4.exe	Virustotal: Detection: 84%

Source: 6uxhmwu2e4.exe	String found in binary or memory: FremoveSoftware\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}bootstrapperRebootPendingBootstrapperInstallationStartDateAvira.Spotlight.Bootstrapper.RebootPendingFailed to get Windows DirectoryTempApplications\Avira.Spotlight.Bootstrapper.exeNoStartPageAviraFallbackUpdaterAvira.Spotlight.FallbackUpdater@abff403a-9b56-48e6-8753-10fb19692501Global\Avira.Security.Updater@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.FallbackUpdater.Avira\Security\Logs\Elevated\Fallback updater mode, running as a serviceRegistering service control handler failedStarting serviceAnother instance is already running, stoppingService startedReport service status stoppedWaiting for delay to elapseGetting updater mutex failedWaiting for updater process to elapseWait for updater process doneWait for updater process timeout exceeded, continue anywaysExtracting resourcesRunning bootstrapper in update modeAction=Update Silent=trueAvira.Spotlight.Bootstrapper.exeFailed to start bootstrapper processBootstrapper process exitedReporting service status failed: Delayed=falsevector too longcopyAviraMigrationCleanupAvira.Spotlight.MigrationCleanup@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.MigrationCleanup.Migration cleanup mode, running as a serviceStopEventWrapper not valid.Running bootstrapper in migration cleanup modeAction=CleanupAvirastMigration Silent=trueStopEvent not valid.Avira\Migration Cleanup\\?\\\?\UNC\\\?\GLOBALROOTcanonicalkernel32.dllSetDefaultDllDirectoriesPreparing to execute installer from temp folder to temp folder...Copying uninstaller from Marking temp folder to be deleted after reboot with parameters: Starting Bootstrapper from temp folder: Exception on starting bootstrapper from temp folderActionAction=InstallAction=UninstallAction=RepairAction=RegisterUninstallerAction=PerformMigrationAction=RegisterFallbackUpdaterAction=RemoveFallbackUpdaterAction=CleanupAvirastMigrationAction=PerformAvirastMigrationAvira_Security_Installation" Error creating scheduled taskRunMode=ResumeAvira.Spotlight.Bootstrapper.Runner.exeAvira.Spotlight.Bootstrapper.Runner.exe.configError preparing installation scheduled taskAvira.Spotlight.Bootstrapper.ReportingTool.exe" Avira_Spotlight_Bootstrapper_*.log bootstrapper " /TrackUnsentEventsAndCleanup /TrackUnsentEventsOriginalFileName= OriginalFileName=Failed to run bootstrapper appFailed to open current process' token.SeShutdownPrivilegeFailed to look up shutdown privilege.Failed to set shutdown privilege.Failed to initiate reboot.Exception during handling operation resultBootstrapper operation result: ConfigurationOverride=/verysilentSilent=trueReplaced /verysilent cmdline argument with Silent=true/norestartRemoved /norestart cmdline argument/suppressmsgboxesRemoved /suppressmsgboxes cmdline argumentFallbackUpdater=trueCleanupAvirastMigration=trueCommand line arguments: ExecuteFromTemp=trueUnpackInCurrentDirectory=trueRunModeRunMode=DefaultAllowMultipleInstances=trueAvira.Spotlight.Bootstrapper.PresetupException during sch
Source: 6uxhmwu2e4.exe	String found in binary or memory: FremoveSoftware\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}bootstrapperRebootPendingBootstrapperInstallationStartDateAvira.Spotlight.Bootstrapper.RebootPendingFailed to get Windows DirectoryTempApplications\Avira.Spotlight.Bootstrapper.exeNoStartPageAviraFallbackUpdaterAvira.Spotlight.FallbackUpdater@abff403a-9b56-48e6-8753-10fb19692501Global\Avira.Security.Updater@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.FallbackUpdater.Avira\Security\Logs\Elevated\Fallback updater mode, running as a serviceRegistering service control handler failedStarting serviceAnother instance is already running, stoppingService startedReport service status stoppedWaiting for delay to elapseGetting updater mutex failedWaiting for updater process to elapseWait for updater process doneWait for updater process timeout exceeded, continue anywaysExtracting resourcesRunning bootstrapper in update modeAction=Update Silent=trueAvira.Spotlight.Bootstrapper.exeFailed to start bootstrapper processBootstrapper process exitedReporting service status failed: Delayed=falsevector too longcopyAviraMigrationCleanupAvira.Spotlight.MigrationCleanup@abff403a-9b56-48e6-8753-10fb19692501Avira.Spotlight.MigrationCleanup.Migration cleanup mode, running as a serviceStopEventWrapper not valid.Running bootstrapper in migration cleanup modeAction=CleanupAvirastMigration Silent=trueStopEvent not valid.Avira\Migration Cleanup\\?\\\?\UNC\\\?\GLOBALROOTcanonicalkernel32.dllSetDefaultDllDirectoriesPreparing to execute installer from temp folder to temp folder...Copying uninstaller from Marking temp folder to be deleted after reboot with parameters: Starting Bootstrapper from temp folder: Exception on starting bootstrapper from temp folderActionAction=InstallAction=UninstallAction=RepairAction=RegisterUninstallerAction=PerformMigrationAction=RegisterFallbackUpdaterAction=RemoveFallbackUpdaterAction=CleanupAvirastMigrationAction=PerformAvirastMigrationAvira_Security_Installation" Error creating scheduled taskRunMode=ResumeAvira.Spotlight.Bootstrapper.Runner.exeAvira.Spotlight.Bootstrapper.Runner.exe.configError preparing installation scheduled taskAvira.Spotlight.Bootstrapper.ReportingTool.exe" Avira_Spotlight_Bootstrapper_*.log bootstrapper " /TrackUnsentEventsAndCleanup /TrackUnsentEventsOriginalFileName= OriginalFileName=Failed to run bootstrapper appFailed to open current process' token.SeShutdownPrivilegeFailed to look up shutdown privilege.Failed to set shutdown privilege.Failed to initiate reboot.Exception during handling operation resultBootstrapper operation result: ConfigurationOverride=/verysilentSilent=trueReplaced /verysilent cmdline argument with Silent=true/norestartRemoved /norestart cmdline argument/suppressmsgboxesRemoved /suppressmsgboxes cmdline argumentFallbackUpdater=trueCleanupAvirastMigration=trueCommand line arguments: ExecuteFromTemp=trueUnpackInCurrentDirectory=trueRunModeRunMode=DefaultAllowMultipleInstances=trueAvira.Spotlight.Bootstrapper.PresetupException during sch
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/repair/reinstallview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/avofferview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/errorview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/installcanceledview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/installprogressbigview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/notenoughfreespaceview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/restartview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/rollbackview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Avira.Spotlight.Bootstrapper;V1.0.46.1;component/views/installation/welcomeview.xaml
Source: 6uxhmwu2e4.exe	String found in binary or memory: EulaText?FeedbackFormUninstallSkipButtonCFeedbackFormUninstallSubmitButton#InstallButtonText'InstallCanceledText]InstallPausedSmallCancelInstallationButtonTextEInstallProgressBigCancelButtonText5InstallProgressBigSubTitle/InstallProgressBigTitle5InstallProgressSmallStatus1ReinstallActivateLicenseAReinstallActivateLicenseSubtitle
Source: 6uxhmwu2e4.exe	String found in binary or memory: ReinstallRepair/ReinstallRepairSubTitle#ReinstallSubTitle
Source: 6uxhmwu2e4.exe	String found in binary or memory: Fviews/installation/avofferview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: Bviews/installation/errorview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: Vviews/installation/installcanceledview.bamlOv
Source: 6uxhmwu2e4.exe	String found in binary or memory: \views/installation/installprogressbigview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: `views/installation/installprogresssmallview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: \views/installation/notenoughfreespaceview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: Fviews/installation/restartview.bamlo
Source: 6uxhmwu2e4.exe	String found in binary or memory: Hviews/installation/rollbackview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: \views/installation/securebrowserofferview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: Fviews/installation/welcomeview.baml
Source: 6uxhmwu2e4.exe	String found in binary or memory: >views/repair/reinstallview.baml/
Source: 6uxhmwu2e4.exe	String found in binary or memory: *Installation/InstallProgressSmallView.xaml?
Source: 6uxhmwu2e4.exe	String found in binary or memory: You can find most common ways to fix this <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">here</a> or try again later.
Source: 6uxhmwu2e4.exe	String found in binary or memory: NotSupportedOs : You can find most common ways to fix this <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">here</a> or try again later.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Please try to repair the software again. If you require assistance, contact us <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">here</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Would you like to continue the repair? To ensure a proper repair, pay attention to the following prompts. For assistance, contact us <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">here</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: ?/endpoint-protection-installer-
Source: 6uxhmwu2e4.exe	String found in binary or memory: /install
Source: 6uxhmwu2e4.exe	String found in binary or memory: .*!/silent /install)msedge_installer.loga(Avira\|Avast\|AVG\|Norton\|Piriform) Secure Browser
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net48-web-installer
Source: 6uxhmwu2e4.exe	String found in binary or memory: https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net462-web-installer
Source: 6uxhmwu2e4.exe	String found in binary or memory: /download/webView2-installers/old/MicrosoftEdgeWebView2RuntimeInstaller
Source: 6uxhmwu2e4.exe	String found in binary or memory: .AccessError]https://go.microsoft.com/fwlink/?linkId=780596i/download/dotnet-installers/NDP462-KB3151802-Web.exe
Source: 6uxhmwu2e4.exe	String found in binary or memory: _https://go.microsoft.com/fwlink/?linkId=2085155S/download/dotnet-installers/ndp48-web.exe
Source: 6uxhmwu2e4.exe	String found in binary or memory: /download/webView2-installers/MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Source: 6uxhmwu2e4.exe	String found in binary or memory: /download/webView2-installers/MicrosoftEdgeWebView2RuntimeInstallerX86.exe
Source: 6uxhmwu2e4.exe	String found in binary or memory: packageInfos9Packages already installed: +Packages to install: /Packages to side load: -No packages to deploy.=Side loaded {0} extension: {1}=Download started for {0} ({1})SFailed to execute pre-installation action
Source: 6uxhmwu2e4.exe	String found in binary or memory: 9Task Scheduler 2.0 (1.2) does not support setting this property. You must use an InteractiveToken in order to have the task run in the current user session.#RunOnlyIfLoggedOn3RunOnlyIfNetworkAvailable-StopIfGoingOnBatteries
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/de/articles/360003958298-Issues-with-the-installation-">Hier</a> einige Tipps, wie Sie das beheben k
Source: 6uxhmwu2e4.exe	String found in binary or memory: tigen, kontaktieren Sie uns <a href="https://support.avira.com/hc/de/sections/360003574777-Installation-Konfiguration-Windows">hier</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: s habituales de repararlo <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">aqu
Source: 6uxhmwu2e4.exe	String found in binary or memory: ctenos <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">aqu
Source: 6uxhmwu2e4.exe	String found in binary or memory: me <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">ici</a>. Sinon, veuillez r
Source: 6uxhmwu2e4.exe	String found in binary or memory: /Installez les mises
Source: 6uxhmwu2e4.exe	String found in binary or memory: aide, contactez-nous <a href="https://support.avira.com/hc/fr/sections/360003574777-Installation-et-configuration-Windows">ici</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: comuni per correggere il problema <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">qui</a>, oppure riprova pi
Source: 6uxhmwu2e4.exe	String found in binary or memory: Prova a riparare nuovamente il software. Se hai bisogno di assistenza, contattaci <a href="https://support.avira.com/hc/it/sections/360003574777-Installazione-e-configurazione-Windows">qui</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Procedere con la riparazione? Per garantire una riparazione corretta, presta attenzione alle seguenti indicazioni. Per assistenza, contattaci <a href="https://support.avira.com/hc/it/sections/360003574777-Installazione-e-configurazione-Windows">qui</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">
Source: 6uxhmwu2e4.exe	String found in binary or memory: bDe-installeer eerst {0} en probeer het dan opnieuw. U moet uw apparaat mogelijk opnieuw opstarten.
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">Hier</a> kunt u de meest gebruikelijke manieren vinden om dit op te lossen of probeer het later opnieuw.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Avira de-installatieprogramma
Source: 6uxhmwu2e4.exe	String found in binary or memory: #Uw Avira-installatie is gerepareerd
Source: 6uxhmwu2e4.exe	String found in binary or memory: Probeer de software opnieuw te repareren. Neem <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">hier</a> contact met ons op voor hulp.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Wilt u doorgaan met de reparatie? Neem de volgende aanwijzingen in acht voor een juiste reparatie. Neem <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">hier</a> contact met ons op voor hulp.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Leer <a href="https://support.avira.com/hc/en-us/articles/360003077114-How-do-I-remove-an-Avira-browser-extension-">hier</a> hoe u browserextensies kunt de-installeren
Source: 6uxhmwu2e4.exe	String found in binary or memory: De-installeren
Source: 6uxhmwu2e4.exe	String found in binary or memory: 1U hebt Avira Security met succes gede-installeerd
Source: 6uxhmwu2e4.exe	String found in binary or memory: <Jammer dat u bij ons weggaat. Waarom de-installeert u Avira?
Source: 6uxhmwu2e4.exe	String found in binary or memory: De-installeren... {0}%
Source: 6uxhmwu2e4.exe	String found in binary or memory: Encontre as maneiras mais comuns para corrigir isto <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">aqui</a> ou tente mais tarde.
Source: 6uxhmwu2e4.exe	String found in binary or memory: Tente reparar o software novamente. Se precisar de ajuda, entre em contato conosco <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">aqui</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: gostaria de continuar o reparo? Para garantir um reparo adequado, fique atento aos seguintes avisos. Para obter ajuda, entre em contato conosco <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">aqui</a>.
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">
Source: 6uxhmwu2e4.exe	String found in binary or memory: <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">
Source: 6uxhmwu2e4.exe	String found in binary or memory: lan <a href="https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-">y
Source: 6uxhmwu2e4.exe	String found in binary or memory: z varsa, bizimle <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">buradan</a> ileti
Source: 6uxhmwu2e4.exe	String found in binary or memory: in bizimle <a href="https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows">buradan</a> ileti

Source: 6uxhmwu2e4.exe

Static file information: File size 6860511 > 1048576

Source: 6uxhmwu2e4.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5f7a00

Source: 6uxhmwu2e4.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: 6uxhmwu2e4.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\projects\raven-csharp\build\obj\Release\net35\SharpRaven.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Engine\obj\Release\Avira.Spotlight.Bootstrapper.Engine.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdbK source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Reactive\obj\Release\Avira.Spotlight.Bootstrapper.Reactive.pdb> source: 6uxhmwu2e4.exe
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Common\obj\Release\ProductLabel.Common.pdbkw source: 6uxhmwu2e4.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net35\Microsoft.Win32.TaskScheduler.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\dd\WPFOOB_1\src\WindowChrome\Microsoft.Windows.Shell\obj\Release\Microsoft.Windows.Shell.pdb(j source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.MefAttributedModel.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Mixpanel\Avira.Common.Mixpanel\obj\Release\net35\Avira.Common.Mixpanel.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Common\obj\Release\ProductLabel.Common.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIocAttributes.pdbSHA256C source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.Common.Guards\obj\Release\net35\Avira.Common.Guards.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.FileDownloader\obj\Release\net35\Avira.FileDownloader.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\SRC\endpoint-protection-sdk1\BuildOutput\Bin\Win32\Release\ACSSigned.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIocAttributes.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.FileDownloader\obj\Release\net35\Avira.FileDownloader.pdbSHA2562 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Logging\obj\Release\Avira.Spotlight.Bootstrapper.Logging.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Avira.Common.Guards\obj\Release\net35\Avira.Common.Guards.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-CSC-JOB1\csharp.common\Source\Mixpanel\Avira.Common.Mixpanel\obj\Release\net35\Avira.Common.Mixpanel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Avira\obj\Release\ProductLabel.pdbG source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.ReportingTool\obj\Release\Avira.Spotlight.Bootstrapper.ReportingTool.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\ProductLabel\ProductLabel.Avira\obj\Release\ProductLabel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper\obj\Release\Avira.Spotlight.Bootstrapper.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Core\obj\Release\Avira.Spotlight.Bootstrapper.Core.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.MefAttributedModel.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Reactive\obj\Release\Avira.Spotlight.Bootstrapper.Reactive.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: DryIoc.pdbSHA256 source: 6uxhmwu2e4.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net35\Microsoft.Win32.TaskScheduler.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\bamboo-build\SPL-SBFW320-JOB1\Bootstrapper\Bootstrapper.Runner\obj\Release\Avira.Spotlight.Bootstrapper.Runner.pdb source: 6uxhmwu2e4.exe
Source:	Binary string: C:\dd\WPFOOB_1\src\WindowChrome\Microsoft.Windows.Shell\obj\Release\Microsoft.Windows.Shell.pdb source: 6uxhmwu2e4.exe

Source: 6uxhmwu2e4.exe

Static PE information: real checksum: 0x67df82 should be: 0x68e126

Source: 6uxhmwu2e4.exe

Static PE information: section name: .didat

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013EE34F push ecx; ret	0_2_013EE370
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013A190D push eax; retn 0008h	0_2_013A1916
Source: C:\Users\user\Desktop\6uxhmwu2e4.exe	Code function: 0_2_013CAB2A push ecx; ret	0_2_013CAB3D

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, Sha2AvailabilityProvider.cs	Reference to suspicious API methods: NativeMethods.LoadLibraryExW(Path.Combine(_environment.SystemDirectory, "wintrust.dll"), IntPtr.Zero, 0u)
Source: 0.0.6uxhmwu2e4.exe.162cff0.18.raw.unpack, Sha2AvailabilityProvider.cs	Reference to suspicious API methods: NativeMethods.GetProcAddress(intPtr, "CryptCATAdminAcquireContext2")
Source: 0.2.6uxhmwu2e4.exe.1694450.10.raw.unpack, ProcessFactory.cs	Reference to suspicious API methods: OpenProcessToken(h, acc, out var phtok)

Source: C:\Users\user\Desktop\6uxhmwu2e4.exe

Code function: 0_2_013CAFB7 cpuid

0_2_013CAFB7

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Information Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
6uxhmwu2e4.exe	100%	ReversingLabs	Win32.Virus.Floxif
6uxhmwu2e4.exe	85%	Virustotal		Browse
6uxhmwu2e4.exe	100%	Avira	W32/Floxif.iici
6uxhmwu2e4.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net02	0%	URL Reputation	safe
http://ocsp.entrust.net02	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://james.newtonking.com/projects/json	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
https://api.my.avira.com7https://api.oeacc.avira.com	0%	Avira URL Cloud	safe
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.htmlKievit	0%	Avira URL Cloud	safe
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html2009	0%	Avira URL Cloud	safe
http://www.fontfont.comhttp://www.fontfont.com/licensing-web2009	0%	Avira URL Cloud	safe
https://www.getsentry.com.	0%	Avira URL Cloud	safe
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html	0%	Avira URL Cloud	safe
http://sentry-dsn.invalid	0%	Avira URL Cloud	safe
https://www.getsentry.com	0%	Avira URL Cloud	safe
http://www.fontfont.comhttp://www.fontfont.com/licensing-web	0%	Avira URL Cloud	safe
https://cdn-download.securebrowser.com/avira/avira_secure_browser_setup.exe	0%	Avira URL Cloud	safe
https://www.getsentry.com.	0%	Virustotal		Browse
https://www.getsentry.com	0%	Virustotal		Browse
https://cdn-download.securebrowser.com/avira/avira_secure_browser_setup.exe	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.avira.com/hc/fr/sections/360003574777-Installation-et-configuration-Windows	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/en-us/articles/360003162153-Uninstallation-of-Avira-for-Windows	6uxhmwu2e4.exe	false		high
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html2009	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	6uxhmwu2e4.exe	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.avira.com/ja/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
http://ocsp.entrust.net03	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://www.avira.com/it/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
http://ocsp.entrust.net02	6uxhmwu2e4.exe	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.avira.com/fr/general-privacy	6uxhmwu2e4.exe	false		high
https://beta.avira.com/download/Ohttp://download-acc.avira.org/download/	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/it/sections/360003574777-Installazione-e-configurazione-Windows	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation-	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/it/articles/360003162153-Disinstallazione-di-Avira-per-Windows	6uxhmwu2e4.exe	false		high
https://www.avira.com/pt-br/general-privacy	6uxhmwu2e4.exe	false		high
https://dispatch.avira-update.com/	6uxhmwu2e4.exe	false		high
https://www.avira.com/zh-tw/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/ja/general-privacy	6uxhmwu2e4.exe	false		high
https://www.avira.com/fr/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.htmlKievit	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
https://api.my.avira.com7https://api.oeacc.avira.com	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
https://support.avira.com/hc/fr/articles/360003162153-D	6uxhmwu2e4.exe	false		high
https://www.avira.com/de/general-privacy	6uxhmwu2e4.exe	false		high
https://download.avira.com/download/IEndpointProtectionConfiguration.json5Creating	6uxhmwu2e4.exe	false		high
https://www.avira.com/it/general-privacy	6uxhmwu2e4.exe	false		high
https://www.avira.com/zh-tw/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	6uxhmwu2e4.exe	false		high
https://www.avira.com/zh-cn/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.avira.com/ru/general-privacy	6uxhmwu2e4.exe	false		high
http://www.fontfont.comhttp://www.fontfont.com/licensing-web2009	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
https://testing.update-bridge.avira.net	6uxhmwu2e4.exe	false		high
https://www.avira.com/nl/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.getsentry.com.	6uxhmwu2e4.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.entrust.net/ts1ca.crl0	6uxhmwu2e4.exe	false		high
http://www.entrust.net/rpa0	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/de/sections/360003574777-Installation-Konfiguration-Windows	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/en-us/articles/360003077114-How-do-I-remove-an-Avira-browser-extension-	6uxhmwu2e4.exe	false		high
https://sectigo.com/CPS0	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://www.avira.com/zh-tw/general-privacy	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/de/articles/360003958298-Issues-with-the-installation-	6uxhmwu2e4.exe	false		high
http://www.entrust.net/rpa03	6uxhmwu2e4.exe	false		high
http://ocsp.thawte.com0	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://www.avira.com/en/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.avira.com/ja/legal-terms	6uxhmwu2e4.exe	false		high
http://aia.entrust.net/ts1-chain256.cer01	6uxhmwu2e4.exe	false		high
https://www.avira.com/nl/legal-terms	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/en-us	6uxhmwu2e4.exe	false		high
https://www.avira.com/zh-cn/legal-terms	6uxhmwu2e4.exe	false		high
https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows	6uxhmwu2e4.exe	false		high
https://www.avira.com/de/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/tr/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.avira.com/tr/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/zh-cn/general-privacy	6uxhmwu2e4.exe	false		high
http://www.fontfont.comhttp://www.fontfont.comhttp://www.fontfont.com/eula/license.html	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
http://james.newtonking.com/projects/json	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://www.avira.com/de/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.avira.com/tr/general-privacy	6uxhmwu2e4.exe	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://www.avira.com/pt-br/legal-terms	6uxhmwu2e4.exe	false		high
http://sentry-dsn.invalid	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
https://www.avira.com/ru/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/en/general-privacy	6uxhmwu2e4.exe	false		high
https://www.avira.com/en/legal-terms	6uxhmwu2e4.exe	false		high
https://www.getsentry.com	6uxhmwu2e4.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.avira.com/es/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/es/general-privacy	6uxhmwu2e4.exe	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	6uxhmwu2e4.exe	false	URL Reputation: safe	unknown
https://support.avira.com/hc/de/articles/360003162153-Deinstallation-von-Avira-f	6uxhmwu2e4.exe	false		high
https://www.newtonsoft.com/jsonschema	6uxhmwu2e4.exe	false		high
https://www.avira.com/ru/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
http://www.fontfont.comhttp://www.fontfont.com/licensing-web	6uxhmwu2e4.exe	false	Avira URL Cloud: safe	unknown
https://www.nuget.org/packages/Newtonsoft.Json.Bson	6uxhmwu2e4.exe	false		high
https://www.avira.com/es/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high
https://www.avira.com/nl/general-privacy	6uxhmwu2e4.exe	false		high
http://crl.entrust.net/2048ca.crl0	6uxhmwu2e4.exe	false		high
https://cdn-download.securebrowser.com/avira/avira_secure_browser_setup.exe	6uxhmwu2e4.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.avira.com/fr/legal-terms	6uxhmwu2e4.exe	false		high
https://www.avira.com/it/legal-terms	6uxhmwu2e4.exe	false		high
https://www.entrust.net/rpa0	6uxhmwu2e4.exe	false		high
https://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/1766	6uxhmwu2e4.exe	false		high
https://www.avira.com/pt-br/end-user-license-agreement-terms-of-use	6uxhmwu2e4.exe	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417477
Start date and time:	2024-03-29 12:20:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	6uxhmwu2e4.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	1fc8050bdf299c760f99b66afa2ef9ddbd2478ed8393a49874736302eb284066
Detection:	MAL
Classification:	mal64.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 78
Cookbook Comments:	Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Execution Graph export aborted for target 6uxhmwu2e4.exe, PID 2724 because there are no executed function

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.292570309968298
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	6uxhmwu2e4.exe
File size:	6'860'511 bytes
MD5:	292abe12662d082106d33cc968a07271
SHA1:	d1f2b3f81bcd7d91c87ab56953ca600881472b18
SHA256:	1fc8050bdf299c760f99b66afa2ef9ddbd2478ed8393a49874736302eb284066
SHA512:	ddb2f6108bab2f47bc4ba82fa41975d4241c43cf9a3eae5856eff967b58747bc042e3986fcc4368a064bb8833fd29adb9016ada0f7d0415013e71ba8a7f3b241
SSDEEP:	49152:PZrO2PRhqrvFOY3mqXXpDYALLRENU9Qd+bukDZDZeuMHxjCNdJd1czeBQAzKvxLf:hUrvFrXWU9w6ZDhwHEVUH0WB
TLSH:	74666AC367F90736E6BE0F79ACBC45100A71BD16BE2DE64E1945B0AB8977340B913362
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................3.......................................................L...A.......A.........j.....A.......Rich...

File Icon


Icon Hash:	4cb26964b2cc44a0

Static PE Info

General

Entrypoint:	0x42ab20
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x65A15C0B [Fri Jan 12 15:34:35 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ef506ad82ad87fe26d222789693cd595

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
jmp 00007F9AECE8FEF3h
jmp 00007F9AECEB6DBDh
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F9AECEB67E9h
jmp 00007F9AECEB6F22h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007F9AECEB67DAh
jmp 00007F9AECEB6F13h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0046B054h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0046B054h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0046B054h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x69b2c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x70000	0x5f7888	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x666e00	0x10f18
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x62d30	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x62dc0	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x55d98	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x53000	0x27c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x69a88	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5114a	0x51200	1c3d211d9bd2c7c8431324cb2eb9c2f2	False	0.5250535679892142	data	6.624946562658066	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x53000	0x179f4	0x17a00	02b0e4005870f18a7b30f6346c7efeb0	False	0.4402178406084656	data	5.158904583940544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x6b000	0x3170	0x2000	a53037b4e7acb036ac8d5fbf9da380fa	False	0.174560546875	DOS executable (block device driver)	4.238125650179842	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat	0x6f000	0x10	0x200	15a6faf152198c16b938244349809b25	False	0.041015625	data	0.16476501235057214	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x70000	0x5f7888	0x5f7a00	9f1d85b82db5f37a5432a75856a4c1df	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x668000	0x4118	0x4200	0b98e3c92f641b8c38709b2106404b35	False	0.7064393939393939	data	6.5733382532917695	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
BIN	0x5595c8	0x32910	PE32 executable (GUI) Intel 80386, for MS Windows	English	United States	0.32728852838933953
BIN	0x95ad0	0x246	Unicode text, UTF-16, little-endian text, with CRLF line terminators	English	United States	0.4879725085910653
BIN	0x555010	0x3eb0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.6234421734795613
BIN	0x543ba8	0x11468	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.5056387789711702
BIN	0x280b90	0xc460	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.5002585932527053
BIN	0x28cff0	0x67460	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.31625170209546866
BIN	0x2f4450	0x5c0f8	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.30684470138962555
BIN	0x95d18	0x192588	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.44104862213134766
BIN	0x2282a0	0x433	XML 1.0 document, ASCII text, with very long lines (303), with CRLF line terminators	English	United States	0.45488372093023255
BIN	0x384090	0x299f0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.17149225715626468
BIN	0x350548	0x33b48	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.22643825784761834
BIN	0x2286d8	0x2bb78	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.18808359022472412
BIN	0x254250	0x3fa	XML 1.0 document, ASCII text, with very long lines (303), with CRLF line terminators	English	United States	0.49803536345776034
BIN	0x254650	0x2c3c0	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.195320778876722
BIN	0x280a10	0x180	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.6041666666666666
BIN	0x5f9438	0xa748	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.3491500093405567
BIN	0x3ada80	0x6dbc0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4725277659120034
BIN	0x41b640	0x114f0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.5520480704129993
BIN	0x42cb30	0x8188	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.5898673100120627
BIN	0x603b80	0x7348	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4882759555435077
BIN	0x558ec0	0x707	data	English	United States	0.9938854919399667
BIN	0x60aec8	0x7728	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.47885523210070813
BIN	0x6125f0	0xa928	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.3429937188250508
BIN	0x61cf18	0x7548	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4882427391420197
BIN	0x624460	0xa748	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.3524892583597982
BIN	0x4f07d0	0x533d8	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.43226025950866986
BIN	0x434cb8	0x283e8	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4634858044164038
BIN	0x45d0a0	0x7e7e0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.40932848496078067
BIN	0x62eba8	0x7728	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.47331497508523473
BIN	0x58bed8	0x2d458	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.17400448681996636
BIN	0x5b9330	0x40108	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4153341361543855
BIN	0x6362d0	0x7728	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.4766260162601626
BIN	0x63d9f8	0xbb60	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.340268512341561
BIN	0x667178	0x41	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	1.0615384615384615
BIN	0x4db880	0x14f50	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.44529356943150045
BIN	0x649558	0xadd0	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.36203254225098885
BIN	0x654328	0x9728	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.37660223278891874
BIN	0x65da50	0x9728	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	English	United States	0.37729997932602855
RT_ICON	0x71480	0x1f73	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9469631101726493
RT_ICON	0x733f8	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 0	English	United States	0.036555069206198984
RT_ICON	0x83c20	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 0	English	United States	0.049348328778642
RT_ICON	0x8d0c8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	English	United States	0.07398441190363722
RT_ICON	0x912f0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.09854771784232365
RT_ICON	0x93898	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.1472795497185741
RT_ICON	0x94940	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	English	United States	0.23401639344262296
RT_ICON	0x952c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.33156028368794327
RT_GROUP_ICON	0x95730	0x76	data	English	United States	0.7372881355932204
RT_VERSION	0x957a8	0x324	data	English	United States	0.43905472636815923
RT_MANIFEST	0x6671c0	0x6c6	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1674), with CRLF line terminators	English	United States	0.3137254901960784

Imports

DLL	Import
ADVAPI32.dll	InitializeSecurityDescriptor, FreeSid, SetEntriesInAclW, AllocateAndInitializeSid, SetSecurityDescriptorDacl, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegCloseKey, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW
ole32.dll	CoTaskMemFree
SHELL32.dll	SHGetKnownFolderPath
USER32.dll	ExitWindowsEx
KERNEL32.dll	HeapSize, SetStdHandle, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, LocalAlloc, GetLastError, LocalFree, GetModuleFileNameW, CreateDirectoryW, GetLongPathNameW, GetTempPathW, GetLocalTime, WaitForSingleObject, CloseHandle, CreateProcessW, GetExitCodeProcess, SizeofResource, EnumResourceNamesW, CreateFileW, UnmapViewOfFile, LockResource, LoadResource, FindResourceW, CreateFileMappingW, MapViewOfFile, GetWindowsDirectoryW, CreateEventW, SetEvent, WaitForMultipleObjects, CreateMutexW, ReleaseMutex, GetModuleHandleW, lstrcmpiW, GetCurrentProcess, GetProcAddress, MoveFileExW, GetSystemDirectoryW, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, FreeLibrary, LoadLibraryExA, FormatMessageA, MultiByteToWideChar, GetStringTypeW, FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesW, GetFileAttributesExW, GetFileInformationByHandle, GetFinalPathNameByHandleW, SetEndOfFile, SetFileInformationByHandle, SetFilePointerEx, AreFileApisANSI, DeviceIoControl, CopyFileW, CreateHardLinkW, GetFileInformationByHandleEx, CreateSymbolicLinkW, WideCharToMultiByte, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, TryEnterCriticalSection, DeleteCriticalSection, GetCurrentThreadId, WaitForSingleObjectEx, GetExitCodeThread, EncodePointer, DecodePointer, LCMapStringEx, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetLocaleInfoEx, CompareStringEx, GetCPInfo, InitializeCriticalSectionAndSpinCount, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, GetEnvironmentStringsW, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetStdHandle, WriteFile, HeapAlloc, HeapFree, GetFileType, GetFileSizeEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, GetTimeZoneInformation, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, WriteConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: 6uxhmwu2e4.exePID: 2724, Parent PID: 1244

General

Target ID:	0
Start time:	12:20:46
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\6uxhmwu2e4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\6uxhmwu2e4.exe"
Imagebase:	0x13a0000
File size:	6'860'511 bytes
MD5 hash:	292ABE12662D082106D33CC968A07271
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 6uxhmwu2e4.exePID: 2724, Parent PID: 1244COMMON

Non-executed Functions

Function 013D6F10 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 011b3f9b3d46c49a98ffba7c5247a4919181397dfde266a9caa646639887a297
Instruction ID: 90fc9e8cca3b6b9772befae22a413307ec293545a15506f3b5633004fa36440a
Opcode Fuzzy Hash: 011b3f9b3d46c49a98ffba7c5247a4919181397dfde266a9caa646639887a297
Instruction Fuzzy Hash: FA023D72E012199BDF14CFA9D9806AEFBF1FF48318F148269E915E7381D731AA45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 013E96B4 Relevance: 3.0, APIs: 1, Instructions: 1473COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 013E98CB

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 58af0449881183c6185d152ec74f0ebb7edb413415be4b0a615432425921e306
Instruction ID: acea2df581329c9f818bb3d5b1c06a4d0fb772bf9973d8bd9c499c163b0a4239
Opcode Fuzzy Hash: 58af0449881183c6185d152ec74f0ebb7edb413415be4b0a615432425921e306
Instruction Fuzzy Hash: A9D23971E082298FDB65CE28DD447EAB7F5EB44309F1441EAD80DE7280E779AE858F41

Uniqueness

Uniqueness Score: -1.00%

Function 013CFFF9 Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 013D0169

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c43fe447b859b87da085d085522ed857a806be47247060fd332745093d114365
Instruction ID: 9ee05131743ae0c3329e369f5817eabac1a2f383b13d68150f04ca96c2aea827
Opcode Fuzzy Hash: c43fe447b859b87da085d085522ed857a806be47247060fd332745093d114365
Instruction Fuzzy Hash: 16C1113690060ADFDB2DCF7CE98467ABBB1AF45B0CF044609F556A7A51C370E945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 013D9369 Relevance: .7, Instructions: 655COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a92b8d3148189f8b0cf73c72da43aa6e88ff63e388c05bfd2e6db92f4ecd095
Instruction ID: aa821d4626993ab82f988c83f62dc5088fae02e5aee963f8e3dad3cbdaec037f
Opcode Fuzzy Hash: 1a92b8d3148189f8b0cf73c72da43aa6e88ff63e388c05bfd2e6db92f4ecd095
Instruction Fuzzy Hash: 5632AD75A0020ADFCF29CF9CD990BBEBBB5EF4530CF154168D845A7346D632AA46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 013E30E9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e05fd57274284863c5677e81c17e46f36b06538c3a891974dbfe82bbf1f2ae6a
Instruction ID: e2edd90a1c4b09af0c6ba4abb48b7ea4c6cd034804d604d57403cdeaf03d07aa
Opcode Fuzzy Hash: e05fd57274284863c5677e81c17e46f36b06538c3a891974dbfe82bbf1f2ae6a
Instruction Fuzzy Hash: 2F322622D69F114DD7235638C8253366689BFB72D9F15C737E81AB6EEAEF28C4834100

Uniqueness

Uniqueness Score: -1.00%

Function 013E7F10 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dad68adadb91e7c325440a9ab5a2b5f50626d0d8a60567fd9d23fbcbd863fc4
Instruction ID: ee9a4210a7929ef3d90d801d48c84eadc9f31bdd8a58a004ed71d7975e0f7ca9
Opcode Fuzzy Hash: 1dad68adadb91e7c325440a9ab5a2b5f50626d0d8a60567fd9d23fbcbd863fc4
Instruction Fuzzy Hash: 94B104359007169BDB389F28CC99AB7B7E8EF4430CF0448ADDA83C66C1EA75E985C710

Uniqueness

Uniqueness Score: -1.00%

Function 013DE710 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 494e265ca7f805076a592b89beee4f68df079bd3356be81f0116b0739831a142
Instruction ID: b93769aca2f7eef3ddfd1d605bbe39006cdb54dc954630f99020add47de7552a
Opcode Fuzzy Hash: 494e265ca7f805076a592b89beee4f68df079bd3356be81f0116b0739831a142
Instruction Fuzzy Hash: 2EB13C365106089FE755CF2CD48AB647FE0FF45368F298668E999CF2A1C335E991CB40

Uniqueness

Uniqueness Score: -1.00%

Function 013D4EDF Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072cb256f14f22380f114ce354f821c2611ab874cec41b3f4ad21e736c325c6e
Instruction ID: 4422031e1644b24025ef15740ad35dca39750e3d61a2327c982972a2a8ffca0b
Opcode Fuzzy Hash: 072cb256f14f22380f114ce354f821c2611ab874cec41b3f4ad21e736c325c6e
Instruction Fuzzy Hash: F1518272D00219EFDF14CF98D844AEEBBF6FF88304F498499E515AB241D774AA51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 013CAFB7 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354e2788d05b7193a8d33ebd7a8b24f88f6beb226d8c99802025332d282655fa
Instruction ID: a8af08cc83fc3ab91c8aa6a1c278f717e307c96e394bd1f8b228958ab4040983
Opcode Fuzzy Hash: 354e2788d05b7193a8d33ebd7a8b24f88f6beb226d8c99802025332d282655fa
Instruction Fuzzy Hash: ED519CB2E006198BEB15CF58D8867AEFBF0FB48758F14853AC521EB254E3B59940CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013CC370 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 03e2a0f23bfa1f7556c0d2f6caecb9f91f4468a9553e3a2273977c44f12a757a
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 661138B734005243E2068A3DE8B45BFEB95EBC562C72CB37ED24A8B748D226DE419700

Uniqueness

Uniqueness Score: -1.00%

Function 013A6E42 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1acb2cf15ca0b6b52285276b9da8b16bd7683cdeb67dcf69e900412433b674e2
Instruction ID: 908c7fe1e8ce8dd471688c48a7ab119ce93ad1f9b5bee4a3735d6164161010f5
Opcode Fuzzy Hash: 1acb2cf15ca0b6b52285276b9da8b16bd7683cdeb67dcf69e900412433b674e2
Instruction Fuzzy Hash: C2215E727216128BD318CE78C452AA2B3E0FB59314F144B6EE437DB2C1DB35B9558A84

Uniqueness

Uniqueness Score: -1.00%

Function 013A6DB3 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction ID: 36b1df001f4ba97cd3caec8c97f25d5b3ae7c053521a3d7d9109de469a379401
Opcode Fuzzy Hash: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction Fuzzy Hash: 0601D6723209128BD358CA3DC846A96F3D6EBD831474D8B39E0AAC7285D634D581C744

Uniqueness

Uniqueness Score: -1.00%

Function 013B3FEA Relevance: 38.8, APIs: 1, Strings: 21, Instructions: 284COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B3FF4

Part of subcall function 013A4733: __EH_prolog3.LIBCMT ref: 013A473A

Part of subcall function 013A6430: __EH_prolog3_catch.LIBCMT ref: 013A6437

Part of subcall function 013B449D: __EH_prolog3_GS.LIBCMT ref: 013B44A7

Strings

`,F, xrefs: 013B43F0
4"F, xrefs: 013B408A
|"F, xrefs: 013B40B6
'F, xrefs: 013B425B
8)F, xrefs: 013B42C9
"F, xrefs: 013B40E2
(!F, xrefs: 013B4048
$,F, xrefs: 013B439B
\'F, xrefs: 013B422F
D#F, xrefs: 013B4124
d$F, xrefs: 013B419B
D,F, xrefs: 013B441C
$F, xrefs: 013B4166
$#F, xrefs: 013B410E
8(F, xrefs: 013B4271
`(F, xrefs: 013B4287
p&F, xrefs: 013B4203
D$F, xrefs: 013B417C
`"F, xrefs: 013B40A0
0*F, xrefs: 013B42FE
d+F, xrefs: 013B433A

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_$H_prolog3H_prolog3_catch
String ID: $F$$#F$$,F$(!F$0*F$4"F$8(F$8)F$D#F$D$F$D,F$\'F$`"F$`(F$`,F$d$F$d+F$p&F$|"F$"F$'F
API String ID: 1893662202-1541404922
Opcode ID: d1b603157717823ab489b68d8555cfcdd826539cae44d999cf5597d539dc33ec
Instruction ID: facd08270f75ed9e748ed5c61fcd888f55acfb0874f0512fa8edb11b9f6a4ded
Opcode Fuzzy Hash: d1b603157717823ab489b68d8555cfcdd826539cae44d999cf5597d539dc33ec
Instruction Fuzzy Hash: 0EA195B0D202666ACB18F7B8CC50B9FB63AFFB024CFC4C4A5505577144EFB8AE458A56

Uniqueness

Uniqueness Score: -1.00%

Function 013C79D6 Relevance: 30.3, APIs: 20, Instructions: 287COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C79DD
collate.LIBCPMT ref: 013C79E6

Part of subcall function 013C66B2: __EH_prolog3_GS.LIBCMT ref: 013C66B9
Part of subcall function 013C66B2: __Getcoll.LIBCPMT ref: 013C671D

__Getcoll.LIBCPMT ref: 013C7A2C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7A40
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7A55
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7A93
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7AA6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7AEC
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7B20
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7B7D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7BDB
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7BEE
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7C0B
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7C28
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7C45
numpunct.LIBCPMT ref: 013C7C84
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7C94
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7CD8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7CEB
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013C7D08

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$Getcoll$H_prolog3H_prolog3_collatenumpunct
String ID:
API String ID: 2641423603-0
Opcode ID: 3d7f6672d4fe8911785329e65f9478e4cb2ce6380dc49c9ca865abd940d200a2
Instruction ID: bbaeda7efc385342e3bc7ecb3795ab2bd4d931adbc26a56d6be8dbc97122ce83
Opcode Fuzzy Hash: 3d7f6672d4fe8911785329e65f9478e4cb2ce6380dc49c9ca865abd940d200a2
Instruction Fuzzy Hash: 009197B1E00216ABEB107F6D4C59A7F79A8DF61B68F04881DED45A7781EB744D004BA2

Uniqueness

Uniqueness Score: -1.00%

Function 013CD8E8 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 013CD9E5
type_info::operator==.LIBVCRUNTIME ref: 013CDA07
___TypeMatch.LIBVCRUNTIME ref: 013CDB16
IsInExceptionSpec.LIBVCRUNTIME ref: 013CDBE8
_UnwindNestedFrames.LIBCMT ref: 013CDC6C
CallUnexpected.LIBVCRUNTIME ref: 013CDC87

Strings

csm, xrefs: 013CDA3E
csm, xrefs: 013CD925
csm, xrefs: 013CD992

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: f5d935a310571555cedb10c24b1b8c82c9dff20de98d23cceb6503020cc6eadf
Instruction ID: 7e0f7c2e46a8473e689cdf3faaf9e2a6635c966bc682a1bd0fabdb44b78a2053
Opcode Fuzzy Hash: f5d935a310571555cedb10c24b1b8c82c9dff20de98d23cceb6503020cc6eadf
Instruction Fuzzy Hash: 3CB1567580020AAFDF29DFE8C9809AEBBB5AF14B18F14416DF8056B211D771EE51CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 013DD1B0 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 013DD236

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 5f156f34ae4ee6121b7b90f9db24d2878e92d7a9fa613390bcd5a29b0f11e1d1
Instruction ID: bb34dcfa828e92d324c50dd96824ded90dd99b965ae46126ec164222a02a2edc
Opcode Fuzzy Hash: 5f156f34ae4ee6121b7b90f9db24d2878e92d7a9fa613390bcd5a29b0f11e1d1
Instruction Fuzzy Hash: B9B10473A003569FDB128EACDC81BEE7FB5EF55318F154155E504AB2C2DA74E901C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 013CD3B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 013CD3E7
___except_validate_context_record.LIBVCRUNTIME ref: 013CD3EF
_ValidateLocalCookies.LIBCMT ref: 013CD478
__IsNonwritableInCurrentImage.LIBCMT ref: 013CD4A3
_ValidateLocalCookies.LIBCMT ref: 013CD4F8

Strings

csm, xrefs: 013CD48D

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 084f9e3cad19afd9127e1c8d72fe30db2d37ef643baab421fca891f2b53507d3
Instruction ID: f60134043b21c91cd8830a12565f40a872743da0da5b184a50a3003dd04a5c25
Opcode Fuzzy Hash: 084f9e3cad19afd9127e1c8d72fe30db2d37ef643baab421fca891f2b53507d3
Instruction Fuzzy Hash: DD41A7349002199BCF10DFACC844ADEBFB4AF45618F148179EA18AB251DB35ED15CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 013B95FA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 013B961A
_Maklocstr.LIBCPMT ref: 013B9637
_Maklocstr.LIBCPMT ref: 013B9654
_Maklocchr.LIBCPMT ref: 013B9666
_Maklocchr.LIBCPMT ref: 013B9679

Strings

WE, xrefs: 013B9646

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Maklocstr$Maklocchr
String ID: WE
API String ID: 2020259771-394127888
Opcode ID: ed1e18a0bb1be69cfd79387bf4527022c81474d791e9e0a54a1a0bdb62eeb77a
Instruction ID: 5e89eede69dc8d11d9204007f627d850016abbe88ae93c4d330af481adc8bcc8
Opcode Fuzzy Hash: ed1e18a0bb1be69cfd79387bf4527022c81474d791e9e0a54a1a0bdb62eeb77a
Instruction Fuzzy Hash: 53118FF1904745BFE7209BA9C880F53BBACAB19268F04451AF749CBA40E364F95487E5

Uniqueness

Uniqueness Score: -1.00%

Function 013A65E6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A65ED
std::_Lockit::_Lockit.LIBCPMT ref: 013A65FA
std::_Facet_Register.LIBCPMT ref: 013A6648
std::_Lockit::~_Lockit.LIBCPMT ref: 013A6668

Strings

%D, xrefs: 013A65E8
F, xrefs: 013A6603

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: F$%D
API String ID: 1862572005-601865941
Opcode ID: db898cfc31fdb27d9e1701fac83087b7fa50609659be483b55158947846a7e90
Instruction ID: b8da7459f59193f40096069a80e46648ce03546dc63ae7b20c10cd9a753009e5
Opcode Fuzzy Hash: db898cfc31fdb27d9e1701fac83087b7fa50609659be483b55158947846a7e90
Instruction Fuzzy Hash: 9B0145B5D0011B8BDB04EF7CC881ABEB7B5EF94728F280009EA0167290EF749E048796

Uniqueness

Uniqueness Score: -1.00%

Function 013AB755 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013AB75C
std::_Lockit::_Lockit.LIBCPMT ref: 013AB769
std::_Facet_Register.LIBCPMT ref: 013AB7B7
std::_Lockit::~_Lockit.LIBCPMT ref: 013AB7D7

Strings

,F, xrefs: 013AB772
%D, xrefs: 013AB757

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D$,F
API String ID: 1862572005-638124259
Opcode ID: fef4018fe6d89b7d6bc84b814198e0e01a8680a9a07537043609d62fb092a34c
Instruction ID: 04c58a3f2cbddc7fcb7533942d0e790f08aacc9eafcd716bf939f03f37412f5c
Opcode Fuzzy Hash: fef4018fe6d89b7d6bc84b814198e0e01a8680a9a07537043609d62fb092a34c
Instruction Fuzzy Hash: CD01F935D0011A8BCF01EF6CC884ABEBBB5EF54718F544109E6016B381EF749E058B95

Uniqueness

Uniqueness Score: -1.00%

Function 013B2BCC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B2BD3
std::_Lockit::_Lockit.LIBCPMT ref: 013B2BE0
std::_Facet_Register.LIBCPMT ref: 013B2C2E
std::_Lockit::~_Lockit.LIBCPMT ref: 013B2C4E

Strings

%D, xrefs: 013B2BCE
TF, xrefs: 013B2BE9

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D$TF
API String ID: 1862572005-4021005293
Opcode ID: 435b47bfadaefc8be9ff13ccf8450fefc0065d6d283059248853f9786b968fd7
Instruction ID: b0b9d82c67693d27ede50cfed7967f91f1336703c71fca61edf9577581bd4173
Opcode Fuzzy Hash: 435b47bfadaefc8be9ff13ccf8450fefc0065d6d283059248853f9786b968fd7
Instruction Fuzzy Hash: D401D275E0011A8BDF05EBACC8C16FFB7A5EF94718F240109E61667291EF34AE058796

Uniqueness

Uniqueness Score: -1.00%

Function 013B2C61 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B2C68
std::_Lockit::_Lockit.LIBCPMT ref: 013B2C75
std::_Facet_Register.LIBCPMT ref: 013B2CC3
std::_Lockit::~_Lockit.LIBCPMT ref: 013B2CE3

Strings

%D, xrefs: 013B2C63
XF, xrefs: 013B2C7E

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D$XF
API String ID: 1862572005-710625004
Opcode ID: 1e2c32218e88dd7b9cef821bbc7508905d5f23490f6f768e7a255316aad4885c
Instruction ID: 28d5e5ab82a0430ab66ce5d920d1046273ab8581992cc851ce8f25140df61388
Opcode Fuzzy Hash: 1e2c32218e88dd7b9cef821bbc7508905d5f23490f6f768e7a255316aad4885c
Instruction Fuzzy Hash: DE01D27190011A8BCF01EBACC884AFFB7B5EF94718F240119EA0567381FF34AE0587A6

Uniqueness

Uniqueness Score: -1.00%

Function 013D2800 Relevance: 9.2, Strings: 7, Instructions: 456COMMON

Download Yara Rule

Strings

p, xrefs: 013D2912
f, xrefs: 013D290B
p, xrefs: 013D28F6
p, xrefs: 013D2958
:, xrefs: 013D28C4
f, xrefs: 013D2951
f, xrefs: 013D28EF

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID: :$f$f$f$p$p$p
API String ID: 0-1434680307
Opcode ID: e91ea13d009d640dc1d6a9f91b6c84979f91205a1d82b12d0b4269148a6425ff
Instruction ID: 5ed8eb82c37b9d9b3da66dc3727352ebab2e6cc4d5c479f4e03b340c466c1663
Opcode Fuzzy Hash: e91ea13d009d640dc1d6a9f91b6c84979f91205a1d82b12d0b4269148a6425ff
Instruction Fuzzy Hash: 3AF191369111499ADF248F68F449AEFBFB6FF40B2CF684009E5656B284D7708E88CB15

Uniqueness

Uniqueness Score: -1.00%

Function 013BFF1A Relevance: 9.1, APIs: 6, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013BFF21
_Maklocstr.LIBCPMT ref: 013BFF8A
_Maklocstr.LIBCPMT ref: 013BFF9C
_Maklocchr.LIBCPMT ref: 013BFFB4
_Maklocchr.LIBCPMT ref: 013BFFC4
_Getvals.LIBCPMT ref: 013BFFE6

Part of subcall function 013B968C: _Maklocchr.LIBCPMT ref: 013B96BB
Part of subcall function 013B968C: _Maklocchr.LIBCPMT ref: 013B96D1

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
String ID:
API String ID: 3549167292-0
Opcode ID: bfb8dc0841f680b361fd59ef71ce920adbc2799b23290406ec99891b149a43c9
Instruction ID: c212a9366daf6904222be5b1c5bbf3f84895030276615ea150e2a75f4fb549b0
Opcode Fuzzy Hash: bfb8dc0841f680b361fd59ef71ce920adbc2799b23290406ec99891b149a43c9
Instruction Fuzzy Hash: 9C2171B1D00308AADF14EFA9D885ADF7B78EF15714F00805ABA059F551FA708544CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 013BFE4F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BFE56
_Getvals.LIBCPMT ref: 013BFEA8
_Mpunct.LIBCPMT ref: 013BFEE3
_Mpunct.LIBCPMT ref: 013BFEFD

Strings

$+xv, xrefs: 013BFF08

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: ec1d34de1f0ae6eadda99d5ca1042c449412d201653da4115b9caf822741948f
Instruction ID: f628134412fae2e4edd8446670e5fa5568a315a54af1c7ef3240ed7eac10cfa0
Opcode Fuzzy Hash: ec1d34de1f0ae6eadda99d5ca1042c449412d201653da4115b9caf822741948f
Instruction Fuzzy Hash: 3121A1A1904B56AED725DF78889067BBEECAB09704F040A1EE599C7E41E334EA05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 013AB053 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013AB05A
std::_Lockit::_Lockit.LIBCPMT ref: 013AB067
std::_Facet_Register.LIBCPMT ref: 013AB0B5
std::_Lockit::~_Lockit.LIBCPMT ref: 013AB0D5

Strings

%D, xrefs: 013AB055

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D
API String ID: 1862572005-2949114454
Opcode ID: c0419ec0a065f8cfc14e472fe5f0c17da3797ed62aafb66bf3d19343170acafd
Instruction ID: 4e86b2780a0d056888f5062af65c4d85a2375d27c2e0bd7eb8f5c19ea8166826
Opcode Fuzzy Hash: c0419ec0a065f8cfc14e472fe5f0c17da3797ed62aafb66bf3d19343170acafd
Instruction Fuzzy Hash: D901F571E0011ACFDB01EBACC8846BEB7B5EF94718F644009E61167290EF749E018796

Uniqueness

Uniqueness Score: -1.00%

Function 013A6745 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A674C
std::_Lockit::_Lockit.LIBCPMT ref: 013A6759
std::_Facet_Register.LIBCPMT ref: 013A67A7
std::_Lockit::~_Lockit.LIBCPMT ref: 013A67C7

Strings

%D, xrefs: 013A6747

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D
API String ID: 1862572005-2949114454
Opcode ID: 1f8a31a45c900d39c19438cdfe9d9501d039c4363437fcb7766dd127977fb84f
Instruction ID: e4906d1bcd9b48850b0ac89c5b098309fca99912eeae44188f9034f6f1fde6f9
Opcode Fuzzy Hash: 1f8a31a45c900d39c19438cdfe9d9501d039c4363437fcb7766dd127977fb84f
Instruction Fuzzy Hash: B7014975D0012B8BCB01EB6CC485ABE7BB5EF54718F180009D9016B3C1FF749E058795

Uniqueness

Uniqueness Score: -1.00%

Function 013A6860 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A6867
std::_Lockit::_Lockit.LIBCPMT ref: 013A6874
std::_Facet_Register.LIBCPMT ref: 013A68C2
std::_Lockit::~_Lockit.LIBCPMT ref: 013A68E2

Strings

%D, xrefs: 013A6862

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D
API String ID: 1862572005-2949114454
Opcode ID: 5f3359ed88d43abf7ebcebd37a5eaac9aa81aedaeb8ec4f62adbb22f99c987ec
Instruction ID: 99bdb57b673fcd125e9f0449347b7f0626f13521a3f423abd73cf12a06718dc2
Opcode Fuzzy Hash: 5f3359ed88d43abf7ebcebd37a5eaac9aa81aedaeb8ec4f62adbb22f99c987ec
Instruction Fuzzy Hash: 6C01D6B1D0012ADBCB05EB6CC581ABEBBA9EF94718F544009EA0167281FF74DE018796

Uniqueness

Uniqueness Score: -1.00%

Function 013AAFBE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013AAFC5
std::_Lockit::_Lockit.LIBCPMT ref: 013AAFD2
std::_Facet_Register.LIBCPMT ref: 013AB020
std::_Lockit::~_Lockit.LIBCPMT ref: 013AB040

Strings

%D, xrefs: 013AAFC0

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3_Lockit::_Lockit::~_Register
String ID: %D
API String ID: 1862572005-2949114454
Opcode ID: bbd5c2462b76521c495ab9be589cec927cce3190b421930ad9f15c49eb7a8701
Instruction ID: 81cfdc980d85e1229414a58415cbd06c153eb930c981aa9b5b41fd8eca3163c4
Opcode Fuzzy Hash: bbd5c2462b76521c495ab9be589cec927cce3190b421930ad9f15c49eb7a8701
Instruction Fuzzy Hash: E401F531E0011ACBDB01EB6CC494ABEB7B5EFA4718F64010AE61167390EF34DE058796

Uniqueness

Uniqueness Score: -1.00%

Function 013C617B Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C6182
std::_Lockit::_Lockit.LIBCPMT ref: 013C618C
messages.LIBCPMT ref: 013C61C6
std::_Facet_Register.LIBCPMT ref: 013C61DD
std::_Lockit::~_Lockit.LIBCPMT ref: 013C61FD

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 5cade0c5dbc9269ec388123312b85306d5aa452933442b274335f619ffb78f0d
Instruction ID: dac349b4eca68dd2b5c3972057eda5001d61d554b426269f3ccd481d843ab045
Opcode Fuzzy Hash: 5cade0c5dbc9269ec388123312b85306d5aa452933442b274335f619ffb78f0d
Instruction Fuzzy Hash: 05012271E0021ACBCB01EBACC8946BE7766AF94B19F14000EE9116B391EF349E008782

Uniqueness

Uniqueness Score: -1.00%

Function 013C60E6 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C60ED
std::_Lockit::_Lockit.LIBCPMT ref: 013C60F7
collate.LIBCPMT ref: 013C6131
std::_Facet_Register.LIBCPMT ref: 013C6148
std::_Lockit::~_Lockit.LIBCPMT ref: 013C6168

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 13541f2a5495a6347e2f924810d41db0e4b04ed184473408e1cb7a3c6521ad07
Instruction ID: c2c5a6d3cfc376841e2745a2064ec0cf5630e76fe0338b6c8ad092a6b142e7f4
Opcode Fuzzy Hash: 13541f2a5495a6347e2f924810d41db0e4b04ed184473408e1cb7a3c6521ad07
Instruction Fuzzy Hash: 4601C075E0011A8BCB05EF6CC8556BE7BB5EF94B19F14410EE9116B391EF74EE008785

Uniqueness

Uniqueness Score: -1.00%

Function 013C633A Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C6341
std::_Lockit::_Lockit.LIBCPMT ref: 013C634B
moneypunct.LIBCPMT ref: 013C6385
std::_Facet_Register.LIBCPMT ref: 013C639C
std::_Lockit::~_Lockit.LIBCPMT ref: 013C63BC

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: fde70fe09c97a98e79e8a15fa46d159fd08f99ac32b1e80f7a5c17d1eb7948f3
Instruction ID: 3a7cf5e2df4349bf2a8ff2e6251bdf7c6339f59df9cc6726f7cc987efcf46841
Opcode Fuzzy Hash: fde70fe09c97a98e79e8a15fa46d159fd08f99ac32b1e80f7a5c17d1eb7948f3
Instruction Fuzzy Hash: C601C4B5E0021A8BCB05EBACC8456BE7765AF94B18F15050DE911A73E0EF749D048B85

Uniqueness

Uniqueness Score: -1.00%

Function 013BA319 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA320
std::_Lockit::_Lockit.LIBCPMT ref: 013BA32A
moneypunct.LIBCPMT ref: 013BA364
std::_Facet_Register.LIBCPMT ref: 013BA37B
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA39B

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 64371051acafb4af0c3bbd210e1dd946390c154bb2aadf5db09620611c438399
Instruction ID: a830a24e633015f7ee3e8643dc6fae3f1d72bb6166f7698de243f2adf3b36f3d
Opcode Fuzzy Hash: 64371051acafb4af0c3bbd210e1dd946390c154bb2aadf5db09620611c438399
Instruction Fuzzy Hash: 0801D231E0022A8BCB06EB6CC8846FEB765AFA4718F14050DEA156B390FF749E048785

Uniqueness

Uniqueness Score: -1.00%

Function 013BA3AE Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA3B5
std::_Lockit::_Lockit.LIBCPMT ref: 013BA3BF
moneypunct.LIBCPMT ref: 013BA3F9
std::_Facet_Register.LIBCPMT ref: 013BA410
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA430

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: e77d276629eb01c341caaa8fc4cae5425a7876663650789aad4f67d0d44cee90
Instruction ID: f01fb64d0e3550a470fb6ad3e01c77859c5022ec29466653e2a02fb75a8dfc26
Opcode Fuzzy Hash: e77d276629eb01c341caaa8fc4cae5425a7876663650789aad4f67d0d44cee90
Instruction Fuzzy Hash: 0B012631E0011A8BCB05EB6CC8846FE7B65EF54318F14011DEA1167390FF74DE048785

Uniqueness

Uniqueness Score: -1.00%

Function 013C63CF Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C63D6
std::_Lockit::_Lockit.LIBCPMT ref: 013C63E0
moneypunct.LIBCPMT ref: 013C641A
std::_Facet_Register.LIBCPMT ref: 013C6431
std::_Lockit::~_Lockit.LIBCPMT ref: 013C6451

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 40c9c34198635420855052d80e398a9484fb4b257d75eb9920293a080d6e09b5
Instruction ID: de6e6139391ab421e071d3b3fcbc9300563ebd4c0a1aa5a969f7c75252d7294d
Opcode Fuzzy Hash: 40c9c34198635420855052d80e398a9484fb4b257d75eb9920293a080d6e09b5
Instruction Fuzzy Hash: A801D271E0011A8BCB05EF6CC945ABEB766EF54B18F14450DE9116B390EF749E018B86

Uniqueness

Uniqueness Score: -1.00%

Function 013BA284 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA28B
std::_Lockit::_Lockit.LIBCPMT ref: 013BA295
moneypunct.LIBCPMT ref: 013BA2CF
std::_Facet_Register.LIBCPMT ref: 013BA2E6
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA306

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 09d81117dcdbd3f5bf6ed9464c20f10111eb2b135c3feb6977d2a845ad5b8899
Instruction ID: af880ef262049005fa58a6e955a3f108b4ebe9b17cbc99da2c10f2f9af082828
Opcode Fuzzy Hash: 09d81117dcdbd3f5bf6ed9464c20f10111eb2b135c3feb6977d2a845ad5b8899
Instruction Fuzzy Hash: A301D231E0012A8BCB05EBACC8846FEB765AF54718F14450DEA116B390FF749A008785

Uniqueness

Uniqueness Score: -1.00%

Function 013BA443 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA44A
std::_Lockit::_Lockit.LIBCPMT ref: 013BA454
moneypunct.LIBCPMT ref: 013BA48E
std::_Facet_Register.LIBCPMT ref: 013BA4A5
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA4C5

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 102f2b5f930baceec9f3e95c6e801a025b716b8251c045580284fe68b2c3cd15
Instruction ID: 39c67b69effc9163739af32d383ebdc1331a1e7dae7b9220b0334565849d7d78
Opcode Fuzzy Hash: 102f2b5f930baceec9f3e95c6e801a025b716b8251c045580284fe68b2c3cd15
Instruction Fuzzy Hash: 7E01C031E0011A8BCB05EBACC8986FEB765EF94718F144119EA156B790FF749E008785

Uniqueness

Uniqueness Score: -1.00%

Function 013BA697 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA69E
std::_Lockit::_Lockit.LIBCPMT ref: 013BA6A8
numpunct.LIBCPMT ref: 013BA6E2
std::_Facet_Register.LIBCPMT ref: 013BA6F9
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA719

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registernumpunct
String ID:
API String ID: 3875005873-0
Opcode ID: 3a20ba12e952fba1c8fe426d20801e97b4c8699158cc1438ec0262520296444c
Instruction ID: 6ce456049a968821face5914d5eccc50c14ca30738fc7901e5fa957b777aebde
Opcode Fuzzy Hash: 3a20ba12e952fba1c8fe426d20801e97b4c8699158cc1438ec0262520296444c
Instruction Fuzzy Hash: ED01D635E0051A8BCB05EBACC8846FEBBB5EF90718F144109EA116B790FF7499058B85

Uniqueness

Uniqueness Score: -1.00%

Function 013B9D47 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9D4E
std::_Lockit::_Lockit.LIBCPMT ref: 013B9D58
collate.LIBCPMT ref: 013B9D92
std::_Facet_Register.LIBCPMT ref: 013B9DA9
std::_Lockit::~_Lockit.LIBCPMT ref: 013B9DC9

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: c6718ca017535dc3b94c51af41df9f8c9662f7938d9373b5a90a522dab759207
Instruction ID: 1e1411633e0297e63aed19879a7127c5885fe8ca6f5bc1aa0f7e5d3cdc545fb4
Opcode Fuzzy Hash: c6718ca017535dc3b94c51af41df9f8c9662f7938d9373b5a90a522dab759207
Instruction Fuzzy Hash: D401C071E0011A8BCB05EBA9C8846EEBB75AF94718F54410DEA116B290FF749A048785

Uniqueness

Uniqueness Score: -1.00%

Function 013B9DDC Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9DE3
std::_Lockit::_Lockit.LIBCPMT ref: 013B9DED
collate.LIBCPMT ref: 013B9E27
std::_Facet_Register.LIBCPMT ref: 013B9E3E
std::_Lockit::~_Lockit.LIBCPMT ref: 013B9E5E

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 540784f89ec60c37daccc4f2f390eda10da1103e994f2af6749f3c7940c42065
Instruction ID: 46ed9da5c6d42660d896db24343c4f88e5de29ceb53c2856b4958b3a783c600e
Opcode Fuzzy Hash: 540784f89ec60c37daccc4f2f390eda10da1103e994f2af6749f3c7940c42065
Instruction Fuzzy Hash: 8401D271E0011A8BCB05EFBCC8846FEB775AF94718F140509EA156B390FF749A018785

Uniqueness

Uniqueness Score: -1.00%

Function 013B9CB2 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9CB9
std::_Lockit::_Lockit.LIBCPMT ref: 013B9CC3
codecvt.LIBCPMT ref: 013B9CFD
std::_Facet_Register.LIBCPMT ref: 013B9D14
std::_Lockit::~_Lockit.LIBCPMT ref: 013B9D34

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 8188a209886b1576171eefa2dd8415e76d46c5eceae5fa9c02181b9bbe28cae9
Instruction ID: e7179ff43ff1055a2adf93e0252b197601e3fd3c703372cf270ae060f58f1e36
Opcode Fuzzy Hash: 8188a209886b1576171eefa2dd8415e76d46c5eceae5fa9c02181b9bbe28cae9
Instruction Fuzzy Hash: C901C0B1E0015A8BCF05EBACC8946EEB765AF94718F14450EEA116B391FF749A048B85

Uniqueness

Uniqueness Score: -1.00%

Function 013B9F06 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9F0D
std::_Lockit::_Lockit.LIBCPMT ref: 013B9F17
messages.LIBCPMT ref: 013B9F51
std::_Facet_Register.LIBCPMT ref: 013B9F68
std::_Lockit::~_Lockit.LIBCPMT ref: 013B9F88

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 8469db144d33d9f0166cc0f616d6b822f0714fd0dc00ac3375f705b18d41c951
Instruction ID: 809675b1e2593fb14bcc026f0684e0585de65ecf13b36d47f8f04522ee8abd23
Opcode Fuzzy Hash: 8469db144d33d9f0166cc0f616d6b822f0714fd0dc00ac3375f705b18d41c951
Instruction Fuzzy Hash: 7A01C071E0011ACFCB05EB6CC8846EEBB66AF94729F184549EA156B390FF74DA048786

Uniqueness

Uniqueness Score: -1.00%

Function 013B9F9B Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9FA2
std::_Lockit::_Lockit.LIBCPMT ref: 013B9FAC
messages.LIBCPMT ref: 013B9FE6
std::_Facet_Register.LIBCPMT ref: 013B9FFD
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA01D

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 25a3a142b07424c2820d78256b37af424601a17d6b31a04cabfeb6f93540cc7e
Instruction ID: a4291eb607d30828ff896d4d28d28b4be69aec4cab11374108ad774330ff67e1
Opcode Fuzzy Hash: 25a3a142b07424c2820d78256b37af424601a17d6b31a04cabfeb6f93540cc7e
Instruction Fuzzy Hash: 6201D271E0061A8BCB05EF6CC8846FEB765AF54718F24410DEA116B390FF74AE049786

Uniqueness

Uniqueness Score: -1.00%

Function 013B9E71 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B9E78
std::_Lockit::_Lockit.LIBCPMT ref: 013B9E82
ctype.LIBCPMT ref: 013B9EBC
std::_Facet_Register.LIBCPMT ref: 013B9ED3
std::_Lockit::~_Lockit.LIBCPMT ref: 013B9EF3

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registerctype
String ID:
API String ID: 2628141667-0
Opcode ID: bff0a30b6f56986e632a0572dd156f34746eb23a9f92a484e2a7b838e6882db0
Instruction ID: 2cca9ee609141f8eff341ac23ecde7f1719d898e4c9bc40bd5574152d12a805b
Opcode Fuzzy Hash: bff0a30b6f56986e632a0572dd156f34746eb23a9f92a484e2a7b838e6882db0
Instruction Fuzzy Hash: 44010071E0011A8BCB01EBA8C8846EEBB66AF5031CF14010AEA156B690FF34AA04CB85

Uniqueness

Uniqueness Score: -1.00%

Function 013EC250 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

__dosmaperr.LIBCMT ref: 013EC36B
__dosmaperr.LIBCMT ref: 013EC38A
__dosmaperr.LIBCMT ref: 013EC530

Strings

H, xrefs: 013EC4B5

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: __dosmaperr
String ID: H
API String ID: 2332233096-2852464175
Opcode ID: ee2b2aae35ec71ad1a5b0b89194a007c1922a070fab1784f1996843a041d8647
Instruction ID: 80f25aac0e859129194a99d84d1db284e6007a2f3b4a36c035ce0d93c2f5e8fd
Opcode Fuzzy Hash: ee2b2aae35ec71ad1a5b0b89194a007c1922a070fab1784f1996843a041d8647
Instruction Fuzzy Hash: DDA14472E042699FCF1A9F6CDC55BAE7FE0AB06328F140159E801EB3D1DB758912CB52

Uniqueness

Uniqueness Score: -1.00%

Function 013C78AA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C78B1
_Mpunct.LIBCPMT ref: 013C793E
_Mpunct.LIBCPMT ref: 013C7958

Strings

$+xv, xrefs: 013C7963

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Mpunct$H_prolog3
String ID: $+xv
API String ID: 4281374311-1686923651
Opcode ID: 47cf235df742a51449db8047eaba9b581b24d5eaa87a876a8de4bfe3d918353f
Instruction ID: 63cfa8189a6c35095ab43fe8c4ef62f5543213677c7bb24c59d98c81a088bf32
Opcode Fuzzy Hash: 47cf235df742a51449db8047eaba9b581b24d5eaa87a876a8de4bfe3d918353f
Instruction Fuzzy Hash: 4121B2B1904B56AED725DF78C89077BBEF8AB08604F040A5EE499C7A41E734EA01CF90

Uniqueness

Uniqueness Score: -1.00%

Function 013BFD84 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BFD8B

Part of subcall function 013B95FA: _Maklocstr.LIBCPMT ref: 013B961A
Part of subcall function 013B95FA: _Maklocstr.LIBCPMT ref: 013B9637
Part of subcall function 013B95FA: _Maklocstr.LIBCPMT ref: 013B9654
Part of subcall function 013B95FA: _Maklocchr.LIBCPMT ref: 013B9666
Part of subcall function 013B95FA: _Maklocchr.LIBCPMT ref: 013B9679

_Mpunct.LIBCPMT ref: 013BFE18
_Mpunct.LIBCPMT ref: 013BFE32

Strings

$+xv, xrefs: 013BFE3D

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Maklocstr$MaklocchrMpunct$H_prolog3
String ID: $+xv
API String ID: 2939335142-1686923651
Opcode ID: 1359bef9cdfcd239b6d861d1f9e48ff38f6b3c8a6812811274c740f5e1e188e0
Instruction ID: 793a4294461f63d68d50f2dd054f1d4d148a865aa441b35ab1fdb6347da319a5
Opcode Fuzzy Hash: 1359bef9cdfcd239b6d861d1f9e48ff38f6b3c8a6812811274c740f5e1e188e0
Instruction Fuzzy Hash: 1221A3B1804B96AED725DF78889077BBEF8AB09704B040A1EE559C7E01E734E601CB90

Uniqueness

Uniqueness Score: -1.00%

Function 013C96FC Relevance: 6.3, Strings: 5, Instructions: 86COMMON

Download Yara Rule

Strings

-, xrefs: 013C97B4
+, xrefs: 013C975E
-, xrefs: 013C9772
-, xrefs: 013C9728
+, xrefs: 013C972D

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID:
String ID: +$+$-$-$-
API String ID: 0-1488319878
Opcode ID: 076bad7ec77a5eb6a6e86a4fe3b2445382f9c53f5ec22258ebdc23cb5cf6cefb
Instruction ID: e7b20398b250924df6d398825e117b29510ea26a08f5676c1a3f87ada7d94723
Opcode Fuzzy Hash: 076bad7ec77a5eb6a6e86a4fe3b2445382f9c53f5ec22258ebdc23cb5cf6cefb
Instruction Fuzzy Hash: 7D21D4317131655BEF325E2C88047A97B9ADB45F7CF2F021EE865D7291DA34DC408391

Uniqueness

Uniqueness Score: -1.00%

Function 013B2439 Relevance: 6.3, APIs: 4, Instructions: 278COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B2440
_strcspn.LIBCMT ref: 013B24AB
_strcspn.LIBCMT ref: 013B24CB
ctype.LIBCPMT ref: 013B2539

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: _strcspn$H_prolog3_ctype
String ID:
API String ID: 838279627-0
Opcode ID: b69f1831ce17db5082f47977dc47d699f5d5414798debecb2946e97c45cf2436
Instruction ID: 95fc4097932c90581dc9bf3105386a1f0eeb4c3ca12be6da10a6b8180fad1de1
Opcode Fuzzy Hash: b69f1831ce17db5082f47977dc47d699f5d5414798debecb2946e97c45cf2436
Instruction Fuzzy Hash: 3EB19E71D0020ADFDF15DFA8C880AEEBBB9FF18314F148119EA15B7611E774AA45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 013AA9E2 Relevance: 6.2, APIs: 4, Instructions: 201COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013AA9E9
std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 013AAB7F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 013AAB9B
_Yarn.LIBCPMT ref: 013AABAF

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Locimp::_std::locale::_$AddfacH_prolog3_LocimpLocimp_New_Yarn
String ID:
API String ID: 73198898-0
Opcode ID: d29b9ee72a3f0d5da27080cc643f453dd7c1929819937072c5bd6ca6dbd9f51b
Instruction ID: c2e29004be8f6ae7721117e825291c98e917f324adba6f008c6fa2ea27d1401f
Opcode Fuzzy Hash: d29b9ee72a3f0d5da27080cc643f453dd7c1929819937072c5bd6ca6dbd9f51b
Instruction Fuzzy Hash: A371CE72E00219DFDF08DFA8C9909ADBBB5FF58314F54846AE906A7251DB30AE01CF90

Uniqueness

Uniqueness Score: -1.00%

Function 013CD691 Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 013CD758
___AdjustPointer.LIBCMT ref: 013CD77B
___AdjustPointer.LIBCMT ref: 013CD817

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 34184a6912c8dff5699e6c5fc18bc4082f22baf1d8f57beaee5d59b7926a0165
Instruction ID: f67aad13d50064caad70f25b5d1743133b76897714d5dec8f4d2b1ee2872ceef
Opcode Fuzzy Hash: 34184a6912c8dff5699e6c5fc18bc4082f22baf1d8f57beaee5d59b7926a0165
Instruction Fuzzy Hash: 2B51C476600646AFEB259F98D840BBABBA8EF44F19F14403DF9064B694E731EC50CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 013AE01E Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

___std_fs_open_handle@16.LIBCPMT ref: 013AE04C
___std_fs_read_reparse_data_buffer@12.LIBCPMT ref: 013AE086
___std_fs_get_file_attributes_by_handle@8.LIBCPMT ref: 013AE0B2
___std_fs_read_name_from_reparse_data_buffer@12.LIBCPMT ref: 013AE0ED

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: ___std_fs_get_file_attributes_by_handle@8___std_fs_open_handle@16___std_fs_read_name_from_reparse_data_buffer@12___std_fs_read_reparse_data_buffer@12
String ID:
API String ID: 3712921422-0
Opcode ID: f4667f1b107f2e91fb39593e71c2f9db8fb05716fb81273417dbbd8a6a5d9937
Instruction ID: c968c07bc9d7c4a16ad26152e3246a76119f9ee0fbf6c80b3ab5b9c6c3cdc70c
Opcode Fuzzy Hash: f4667f1b107f2e91fb39593e71c2f9db8fb05716fb81273417dbbd8a6a5d9937
Instruction Fuzzy Hash: 9831BA71E0021AABDB11EBA8DC809EEBBB9EF14718F540179E600F7640EB70EE458795

Uniqueness

Uniqueness Score: -1.00%

Function 013CD57A Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 013CD596
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 013CD5AF

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 9ab6e34bb40eb49f025bfeaeb5db86217122e7028111f87b665b82afa219eafb
Instruction ID: 08231f21e4b19782f8e2056d1b1d0344b920489514ca95b681a1a3e018f22cbf
Opcode Fuzzy Hash: 9ab6e34bb40eb49f025bfeaeb5db86217122e7028111f87b665b82afa219eafb
Instruction Fuzzy Hash: AD01713220E316AEEB152ABC7C84A672F58DB21E7DB20023DF120D50E1FF914D4193C9

Uniqueness

Uniqueness Score: -1.00%

Function 013BA15A Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA161
std::_Lockit::_Lockit.LIBCPMT ref: 013BA16B
std::_Facet_Register.LIBCPMT ref: 013BA1BC
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA1DC

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 4b25bca3e4e2c67a792019cd484357810c2725de3d9fd8078e4d39cc13a455fe
Instruction ID: dad8ecfae56fddda5dd749e6aaf846a7f570e34885c830e227cdf343b03a530c
Opcode Fuzzy Hash: 4b25bca3e4e2c67a792019cd484357810c2725de3d9fd8078e4d39cc13a455fe
Instruction Fuzzy Hash: 8601C035E0011A8BCB05EFA8C8846FEB766AF90758F14450AEA116B690EF749E00CB85

Uniqueness

Uniqueness Score: -1.00%

Function 013BA1EF Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA1F6
std::_Lockit::_Lockit.LIBCPMT ref: 013BA200
std::_Facet_Register.LIBCPMT ref: 013BA251
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA271

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 5b7a6394a5da6b43599eeb24c40fe044d8228f2346efa180a2c81a356ce5c3bf
Instruction ID: b64a409ee445f2db864667d214dd1ebf4d2211d9a020b09ecc581c2d7c8c02ca
Opcode Fuzzy Hash: 5b7a6394a5da6b43599eeb24c40fe044d8228f2346efa180a2c81a356ce5c3bf
Instruction Fuzzy Hash: 2801C031E0052A8BCB05EFACC8846EEB7B5AF54718F14450AEE116B290FF749E008B96

Uniqueness

Uniqueness Score: -1.00%

Function 013BA030 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA037
std::_Lockit::_Lockit.LIBCPMT ref: 013BA041
std::_Facet_Register.LIBCPMT ref: 013BA092
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA0B2

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 6a8c1eaeb80b00e92b79faaf1f0a87929666002e9ff13f718291ee7e1ba09232
Instruction ID: 2134f2d17f86e014b0ffee26c5afd464f6525c6f5e20aeccbd042f55db7fc1c6
Opcode Fuzzy Hash: 6a8c1eaeb80b00e92b79faaf1f0a87929666002e9ff13f718291ee7e1ba09232
Instruction Fuzzy Hash: 3D01C031E0021A9BCB05EB68C8846FEB765AF54718F140509EA116B391FF749A488786

Uniqueness

Uniqueness Score: -1.00%

Function 013BA0C5 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA0CC
std::_Lockit::_Lockit.LIBCPMT ref: 013BA0D6
std::_Facet_Register.LIBCPMT ref: 013BA127
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA147

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 697fd96c51f043505cb3255a0b0fdf3bd1acc6a6f63898726d6eb6c1f40bb3c7
Instruction ID: 6a9d6867142a13c6ba885a050db311d0dca033f3fb547f46e4f85c63a799e40e
Opcode Fuzzy Hash: 697fd96c51f043505cb3255a0b0fdf3bd1acc6a6f63898726d6eb6c1f40bb3c7
Instruction Fuzzy Hash: 8801D271E0061A8BCF05EFACC8946FEB765AF94758F240109EA116B390FF74DE048B95

Uniqueness

Uniqueness Score: -1.00%

Function 013C6210 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C6217
std::_Lockit::_Lockit.LIBCPMT ref: 013C6221
std::_Facet_Register.LIBCPMT ref: 013C6272
std::_Lockit::~_Lockit.LIBCPMT ref: 013C6292

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ee8e117f123775fd58995faf0dab65aac7ef5e7027e03612513884a222510713
Instruction ID: 779c0b59b07b28e10c3ad4f014399be57c7e50d9e98717e978125c2996a7dc95
Opcode Fuzzy Hash: ee8e117f123775fd58995faf0dab65aac7ef5e7027e03612513884a222510713
Instruction Fuzzy Hash: F101D672D0011A8BCF05EBACC8556BEBB66AF94B18F14450EE911673D0EF749D04CB85

Uniqueness

Uniqueness Score: -1.00%

Function 013C62A5 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C62AC
std::_Lockit::_Lockit.LIBCPMT ref: 013C62B6
std::_Facet_Register.LIBCPMT ref: 013C6307
std::_Lockit::~_Lockit.LIBCPMT ref: 013C6327

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 451fb168d213f36f0c79544f12a6273a6fb9b5b238217eb0d76bbcb8058e432f
Instruction ID: 111bb7e1718be6ec0cdc3541acbc5a7c2054d0e3ed5f5acc529e645f42d9cb1d
Opcode Fuzzy Hash: 451fb168d213f36f0c79544f12a6273a6fb9b5b238217eb0d76bbcb8058e432f
Instruction Fuzzy Hash: DC01C4B1D0011A8BCB05EBACC8456AE7B65EF54B18F14051EE91167391EF74AD01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 013BA56D Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA574
std::_Lockit::_Lockit.LIBCPMT ref: 013BA57E
std::_Facet_Register.LIBCPMT ref: 013BA5CF
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA5EF

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 00efa9763c3012cb4759b91a6cc5d132d4a29976abb14e17f5ee56b4f0945cf0
Instruction ID: e8d59e92d27ff28d27c70c117ba9de8ef149b469d754ec9275e8f1cd2dbbe0d1
Opcode Fuzzy Hash: 00efa9763c3012cb4759b91a6cc5d132d4a29976abb14e17f5ee56b4f0945cf0
Instruction Fuzzy Hash: 3F01C031E0012ACBCF05EB6CC8846FEBBA5AF50728F14450AEA116B391EF74DA048B85

Uniqueness

Uniqueness Score: -1.00%

Function 013B640E Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013B6415
std::_Lockit::_Lockit.LIBCPMT ref: 013B641F
std::_Facet_Register.LIBCPMT ref: 013B6470
std::_Lockit::~_Lockit.LIBCPMT ref: 013B6490

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 1c765b15363c46a91870d29a6ed37e3bc5402aeabda66d68c025ac93c24f51b1
Instruction ID: f1664ea35a6b18dacebf700833568407476b1f8abf470a2a528b7bceb4c25b98
Opcode Fuzzy Hash: 1c765b15363c46a91870d29a6ed37e3bc5402aeabda66d68c025ac93c24f51b1
Instruction Fuzzy Hash: 7B012271E0051A8BCF01EF6CC8856FE7766BF90318F144509EA117B291FF78DA008791

Uniqueness

Uniqueness Score: -1.00%

Function 013C6464 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C646B
std::_Lockit::_Lockit.LIBCPMT ref: 013C6475
std::_Facet_Register.LIBCPMT ref: 013C64C6
std::_Lockit::~_Lockit.LIBCPMT ref: 013C64E6

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: bc3fbbbbfebeeff72cf0775db1514aa7a1b4ca401e028479c1272793cb53db0a
Instruction ID: 04c52f3740115d7b6605289fdf6fde2f1a3cec17360c25be8cc3286b604b8413
Opcode Fuzzy Hash: bc3fbbbbfebeeff72cf0775db1514aa7a1b4ca401e028479c1272793cb53db0a
Instruction Fuzzy Hash: F3010071E0011A8BCB06EF6CC845ABEB766EF94B18F14410EE9116B390EF70DE008B82

Uniqueness

Uniqueness Score: -1.00%

Function 013C64F9 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013C6500
std::_Lockit::_Lockit.LIBCPMT ref: 013C650A
std::_Facet_Register.LIBCPMT ref: 013C655B
std::_Lockit::~_Lockit.LIBCPMT ref: 013C657B

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 50483e9e1adf19fcfa85e49ce2fceb763bca60be9ce4aa8e072c1dc9c092dba2
Instruction ID: 95a494c383e3fe71b6f09c42e2cb12a82c78d5796baca78fc8b54e4b7059ec21
Opcode Fuzzy Hash: 50483e9e1adf19fcfa85e49ce2fceb763bca60be9ce4aa8e072c1dc9c092dba2
Instruction Fuzzy Hash: 9D010075E0011ACBCB01EFACC8446BE7B75AFA0B18F24411DE9116B390EF30EE018781

Uniqueness

Uniqueness Score: -1.00%

Function 013BA4D8 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA4DF
std::_Lockit::_Lockit.LIBCPMT ref: 013BA4E9
std::_Facet_Register.LIBCPMT ref: 013BA53A
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA55A

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 4f84f88e70ce14ebf30a52a321b353c54ccf321088c8bbbb6d548e761aefc611
Instruction ID: 2ee6229d6595539f2b87be91913b90c067d29d6c27d0cb7638517b3616ec3360
Opcode Fuzzy Hash: 4f84f88e70ce14ebf30a52a321b353c54ccf321088c8bbbb6d548e761aefc611
Instruction Fuzzy Hash: CC01D231E0011ACBCB05EBACC8846FEB765AF94718F14050EEA116B790FF74DA008B85

Uniqueness

Uniqueness Score: -1.00%

Function 013BA72C Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA733
std::_Lockit::_Lockit.LIBCPMT ref: 013BA73D
std::_Facet_Register.LIBCPMT ref: 013BA78E
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA7AE

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: f2d1bc4ff865c7644a0af4a8496f476279b2753408c753bf3c36aa093423630c
Instruction ID: 242321e858bc75815e8918b236717960d387f17a14ecb00584687f6d8ed510d9
Opcode Fuzzy Hash: f2d1bc4ff865c7644a0af4a8496f476279b2753408c753bf3c36aa093423630c
Instruction Fuzzy Hash: FA012235E0021A9BCB01EBACC894AFEB775AF90718F140009EA126B390FF709E008B81

Uniqueness

Uniqueness Score: -1.00%

Function 013BA7C1 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA7C8
std::_Lockit::_Lockit.LIBCPMT ref: 013BA7D2
std::_Facet_Register.LIBCPMT ref: 013BA823
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA843

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 41aa24bf7fadc97833aff3b5ddd2753d2559654cd51457946541ed441c26df0a
Instruction ID: be20137409e364d92c77eaefc09fdbfdf1cf1a53d93f41fe188adf39f41161e3
Opcode Fuzzy Hash: 41aa24bf7fadc97833aff3b5ddd2753d2559654cd51457946541ed441c26df0a
Instruction Fuzzy Hash: AB012231E0022A9BCB05EB6CC8846FEBF75AF90718F140019EA11AB790FF34DE018786

Uniqueness

Uniqueness Score: -1.00%

Function 013BA602 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA609
std::_Lockit::_Lockit.LIBCPMT ref: 013BA613
std::_Facet_Register.LIBCPMT ref: 013BA664
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA684

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 70fc474d694ab7b24cb5a7f3e8d9e3477c1279db9c657d229598d49568d2ab90
Instruction ID: a8e01daab70b97938d60e8f174eed0960fe18d84755a7013c89d4f14713444c0
Opcode Fuzzy Hash: 70fc474d694ab7b24cb5a7f3e8d9e3477c1279db9c657d229598d49568d2ab90
Instruction Fuzzy Hash: 9201D275E0021A8BCF05EBACC8946FEB775AFD4728F24450AEA116B790FF749A008785

Uniqueness

Uniqueness Score: -1.00%

Function 013BA856 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA85D
std::_Lockit::_Lockit.LIBCPMT ref: 013BA867
std::_Facet_Register.LIBCPMT ref: 013BA8B8
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA8D8

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 4124d282db42bb73c039316a5945b4b4ac1b8148dd539444cd84d50399b73ebe
Instruction ID: 7f239d1691f857d8d849718d61243fdbdcc29169344aa5fafdd30f4f7322a781
Opcode Fuzzy Hash: 4124d282db42bb73c039316a5945b4b4ac1b8148dd539444cd84d50399b73ebe
Instruction Fuzzy Hash: A101C035E0011ACBCB05EB6CC8846EEBB65AF54718F14450EEA11AB690FF749A01CB96

Uniqueness

Uniqueness Score: -1.00%

Function 013BA8EB Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 013BA8F2
std::_Lockit::_Lockit.LIBCPMT ref: 013BA8FC
std::_Facet_Register.LIBCPMT ref: 013BA94D
std::_Lockit::~_Lockit.LIBCPMT ref: 013BA96D

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 6ef093b39cd790696b4fb316df64f921d2f87191bb8c09f4c4a37d8dc04868cb
Instruction ID: 1d32fcc2c31caef17a5d7d0554ea541f9f6c5fa20e9d77db25e342244c8c7d12
Opcode Fuzzy Hash: 6ef093b39cd790696b4fb316df64f921d2f87191bb8c09f4c4a37d8dc04868cb
Instruction Fuzzy Hash: 3E012235E0011A8BCF05EB6CC8846FEBB75AF64318F154119EA116B790FF309E049B85

Uniqueness

Uniqueness Score: -1.00%

Function 013B7274 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 317COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B727B

Part of subcall function 013B2C61: __EH_prolog3_GS.LIBCMT ref: 013B2C68
Part of subcall function 013B2C61: std::_Lockit::_Lockit.LIBCPMT ref: 013B2C75
Part of subcall function 013B2C61: std::_Lockit::~_Lockit.LIBCPMT ref: 013B2CE3

_Find_elem.LIBCPMT ref: 013B7477

Strings

eE, xrefs: 013B7276

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
String ID: eE
API String ID: 3328206922-38083467
Opcode ID: 2f5a55431b4b68a166ff5dc40e2100f52dfb23980e80a7a64d679ca37cad122f
Instruction ID: f7cbd9407d3f7056af7f6e9ac6fd948ed10aaec9041aa5feadf69fb0d142587b
Opcode Fuzzy Hash: 2f5a55431b4b68a166ff5dc40e2100f52dfb23980e80a7a64d679ca37cad122f
Instruction Fuzzy Hash: 29C18F30E05289CBDF16DFA8C5D0BECBFB2EF85308F14445ADA856B6C6E7249946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 013A7D61 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A7D6B

Strings

D, xrefs: 013A7D66

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_
String ID: D
API String ID: 2427045233-193714618
Opcode ID: bb65a67abfe583a68b5f4a1d749203be0507db3a7a31e3e06f7ca6d9759df3ef
Instruction ID: 0a4c58890fb121636098d761abbe12d30213ff07cc2500e1ee572a79a5a9449f
Opcode Fuzzy Hash: bb65a67abfe583a68b5f4a1d749203be0507db3a7a31e3e06f7ca6d9759df3ef
Instruction Fuzzy Hash: F6616271900249DADF14EFA8C894FEEB7B4EF25308F904199D54AA7281EB749F89CF50

Uniqueness

Uniqueness Score: -1.00%

Function 013A3C02 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A3C0C

Part of subcall function 013A1720: __EH_prolog3_catch_GS.LIBCMT ref: 013A172A

Part of subcall function 013A4733: __EH_prolog3.LIBCMT ref: 013A473A

Part of subcall function 013A6430: __EH_prolog3_catch.LIBCMT ref: 013A6437

Part of subcall function 013A4870: __EH_prolog3_catch.LIBCMT ref: 013A4877

Part of subcall function 013A5424: __EH_prolog3.LIBCMT ref: 013A542B

Part of subcall function 013A3DEE: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 013A3E26

Strings

AD, xrefs: 013A3C07

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch$H_prolog3_H_prolog3_catch_Ios_base_dtorstd::ios_base::_
String ID: AD
API String ID: 1252265766-3279240155
Opcode ID: 1fde069395d28152e8f1449de1998b253ba7c1208ec00ffe94e91b4d292b05e7
Instruction ID: 49f17735cbc739af710bf63881b9c6fa8fdf1d6f4490c18358671f74f3ed60b3
Opcode Fuzzy Hash: 1fde069395d28152e8f1449de1998b253ba7c1208ec00ffe94e91b4d292b05e7
Instruction Fuzzy Hash: 34515F7190425A9BCB19EB68C941BDEB7B9EF24308F5041AAD509A7280EF746B84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 013AC4EA Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013AC4F1

Strings

/, xrefs: 013AC56C
\, xrefs: 013AC565

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_
String ID: /$\
API String ID: 2427045233-1600464054
Opcode ID: 8aba298c86a2ead8578201b3acf0cce2747cd61eac3ec6521ffce6e6a0492946
Instruction ID: 25a462d3ffa0345be99e92d8610cebb472a3abb349877d627a1f34d7429b361c
Opcode Fuzzy Hash: 8aba298c86a2ead8578201b3acf0cce2747cd61eac3ec6521ffce6e6a0492946
Instruction Fuzzy Hash: 4D51AE72E00116CBDB25DFAEC5845EDFBF1EF58328F88A12AE551E7250DB30A941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 013C59F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013C59F7
__cftoe.LIBCMT ref: 013C5A7B

Strings

UE, xrefs: 013C5A08

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3___cftoe
String ID: UE
API String ID: 855520168-625707154
Opcode ID: 062a804de6e5b97887aa150e26af42945d31c336edf0e839e30f2a18bd19ca0e
Instruction ID: 31d8d47390534f70cea5ffb9ceb95471d2aa1a0a7bf8486820d688e791a48551
Opcode Fuzzy Hash: 062a804de6e5b97887aa150e26af42945d31c336edf0e839e30f2a18bd19ca0e
Instruction Fuzzy Hash: DE317876E1120DABEF05DF98E980AEDB7B6FF08708F104019E905A7251EB35AE45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 013B396F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013B3976

Strings

@ F, xrefs: 013B39AE
0E, xrefs: 013B3971

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_
String ID: 0E$@ F
API String ID: 2427045233-3621947763
Opcode ID: 5d76f437c46042eabb2f4d829cd9dd6f72cb13f1d0b7ca2488f30f7c54c8bae5
Instruction ID: c5ba2eae6aedc307f5dcd92cee5e0c57166aa14a9ffd92526f664a14e12f6771
Opcode Fuzzy Hash: 5d76f437c46042eabb2f4d829cd9dd6f72cb13f1d0b7ca2488f30f7c54c8bae5
Instruction Fuzzy Hash: 2621AC7090130A9FDB14DF68D5507EDFBB5BF28306F04802AE184A3681DB30D918CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 013AD1E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 013AD22E

Strings

LF, xrefs: 013AD20E
PF, xrefs: 013AD27A

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: Init_thread_footer
String ID: LF$PF
API String ID: 1385522511-2788013241
Opcode ID: 0153f1359a30d2a7fdd02ea0fed27e449654eb0cbec4590e47ec83758b1a908f
Instruction ID: c44154e6c9061b1863b4b15fb8d240d451b243a84754dddfbbd9e18804284e43
Opcode Fuzzy Hash: 0153f1359a30d2a7fdd02ea0fed27e449654eb0cbec4590e47ec83758b1a908f
Instruction Fuzzy Hash: 83010431601318BBC7219FAADC48EDF3FB8EF06A65B100026F109A7191EB709D04DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 013A7A39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 013A7A40
___std_fs_get_temp_path@4.LIBCPMT ref: 013A7A87

Part of subcall function 013A7A39: __EH_prolog3_align.LIBCMT ref: 013A79FC

Strings

7D, xrefs: 013A7A3B

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_H_prolog3_align___std_fs_get_temp_path@4
String ID: 7D
API String ID: 2225135975-3051826868
Opcode ID: f0571fd7bec09a37fd6f6f878ad8366d6b7a39973df0795bd1571d5a04bc5896
Instruction ID: 198e0d4bd5d26656000997429a450010a428daf270aecaa1c9b80630dbdb4fc6
Opcode Fuzzy Hash: f0571fd7bec09a37fd6f6f878ad8366d6b7a39973df0795bd1571d5a04bc5896
Instruction Fuzzy Hash: 5E1161B0A013099BDB10DF9DC4946AEF6F9FF54718F90451ED155E7380D7B84A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 013AD150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 013AD157

Part of subcall function 013B5DB4: ___std_fs_open_handle@16.LIBCPMT ref: 013B5DCD

Strings

0F, xrefs: 013AD160
@F, xrefs: 013AD199

Memory Dump Source

Source File: 00000000.00000002.342440110.00000000013A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013A0000, based on PE: true

Associated: 00000000.00000002.342437657.00000000013A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342447844.00000000013F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342451843.000000000140B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001422000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000142C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000015FE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000160D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001614000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001671000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000167D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001687000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016CE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016D9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016DD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000016E3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001701000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000170D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001717000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000172B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001737000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001741000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001911000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000191D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001937000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001943000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001946000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000194C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001977000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001982000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001986000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.000000000198C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019A1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019BA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019CC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019E6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.00000000019FB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.342454832.0000000001A04000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13a0000_6uxhmwu2e4.jbxd

Similarity

API ID: H_prolog3_catch___std_fs_open_handle@16
String ID: 0F$@F
API String ID: 3587330534-260622396
Opcode ID: e3ba175235289b87464052e3dc9c46366a8ada37899359661551c066f56d4a83
Instruction ID: 7745aff3c62b8470a381eb60eeecbd2037a5625e00b55d505b3e8a9a920b1df5
Opcode Fuzzy Hash: e3ba175235289b87464052e3dc9c46366a8ada37899359661551c066f56d4a83
Instruction Fuzzy Hash: 79E0263860020583DB1877DC8914AAD32CBEB7130DFC4852DC1031B940FB384C01139B

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 6uxhmwu2e4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: 6uxhmwu2e4.exePID: 2724, Parent PID: 1244

General

Chronological Activities

Disassembly

Analysis Process: 6uxhmwu2e4.exePID: 2724, Parent PID: 1244COMMON

Non-executed Functions

Function 013D6F10 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Function 013E96B4 Relevance: 3.0, APIs: 1, Instructions: 1473COMMON

Function 013CFFF9 Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Function 013D9369 Relevance: .7, Instructions: 655COMMON

Windows Analysis Report
6uxhmwu2e4.exe