Edit tour

Windows Analysis Report
9vZbHuuOq6.exe

Overview

General Information

Sample name:	9vZbHuuOq6.exe renamed because original name is a hash value
Original sample name:	67696e7aa22ad87ce8ccec3a1baf5fd8.exe
Analysis ID:	1436575
MD5:	67696e7aa22ad87ce8ccec3a1baf5fd8
SHA1:	bd9667590d20f06a917fb4cd3dee90c7263e2f59
SHA256:	737096609aeeedacb11b6bc2c68c020ae35bc485ea3fbe061e07d9acfdceda24
Tags:	32exetrojan
Infos:

Detection

RisePro Stealer

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Yara detected RisePro Stealer

Found API chain indicative of sandbox detection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found stalling execution ending in API Sleep call

Hides threads from debuggers

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Classification

Process Tree

System is w10x64

9vZbHuuOq6.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\9vZbHuuOq6.exe" MD5: 67696E7AA22AD87CE8CCEC3A1BAF5FD8)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: 9vZbHuuOq6.exe PID: 6584	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.9vZbHuuOq6.exe.400000.0.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 9vZbHuuOq6.exe	Virustotal: Detection: 67%			Perma Link
Source: 9vZbHuuOq6.exe	ReversingLabs: Detection: 54%

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_0041F3EB CryptUnprotectData,LocalFree,

0_2_0041F3EB

Source: 9vZbHuuOq6.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED

Source:

Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 9vZbHuuOq6.exe, 9vZbHuuOq6.exe, 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmp

Source: global traffic

TCP traffic: 192.168.2.4:49732 -> 193.233.132.253:50500

Source: Joe Sandbox View

IP Address: 193.233.132.253 193.233.132.253

Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.253

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_0041E220 recv,setsockopt,recv,WSAGetLastError,recv,recv,setsockopt,recv,recv,recv,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,Sleep,Sleep,

0_2_0041E220

Source: 9vZbHuuOq6.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 9vZbHuuOq6.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 9vZbHuuOq6.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: 9vZbHuuOq6.exe, 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllDpRTpR
Source: 9vZbHuuOq6.exe	String found in binary or memory: https://ipinfo.io/
Source: 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: 9vZbHuuOq6.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: 9vZbHuuOq6.exe, 00000000.00000002.2872560581.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/RiseProSUPPORT
Source: 9vZbHuuOq6.exe	String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_014DCAC2 NtSetInformationThread,

0_2_014DCAC2

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00B121AA	0_2_00B121AA
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0044C160	0_2_0044C160
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00A1012C	0_2_00A1012C
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00B5916C	0_2_00B5916C
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004E925D	0_2_004E925D
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00487270	0_2_00487270
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00CB2298	0_2_00CB2298
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00A30202	0_2_00A30202
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00BD126B	0_2_00BD126B
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0047F360	0_2_0047F360
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00A1B3F8	0_2_00A1B3F8
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004E03D0	0_2_004E03D0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00C164E8	0_2_00C164E8
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00483470	0_2_00483470
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00402410	0_2_00402410
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00406430	0_2_00406430
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00B0C43A	0_2_00B0C43A
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_014D85D6	0_2_014D85D6
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004944E0	0_2_004944E0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0048B4F0	0_2_0048B4F0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0040C490	0_2_0040C490
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00416490	0_2_00416490
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0048C560	0_2_0048C560
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004E959F	0_2_004E959F
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00AE657A	0_2_00AE657A
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00402600	0_2_00402600
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00A176D0	0_2_00A176D0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004176B0	0_2_004176B0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00438770	0_2_00438770
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00D287ED	0_2_00D287ED
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0148069F	0_2_0148069F
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0043C800	0_2_0043C800
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00471830	0_2_00471830
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00B27802	0_2_00B27802
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004378A0	0_2_004378A0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00401900	0_2_00401900
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004FD9FE	0_2_004FD9FE
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004099A0	0_2_004099A0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041F9B0	0_2_0041F9B0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00C70AD0	0_2_00C70AD0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00481A30	0_2_00481A30
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004E3B58	0_2_004E3B58
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0043FB60	0_2_0043FB60
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00B4DB89	0_2_00B4DB89
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00434B20	0_2_00434B20
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00AB7B09	0_2_00AB7B09
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0044EB90	0_2_0044EB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004E5B90	0_2_004E5B90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00433C30	0_2_00433C30
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004F6CC5	0_2_004F6CC5
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_014C8DB8	0_2_014C8DB8
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0040CD50	0_2_0040CD50
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00A21DF6	0_2_00A21DF6
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00409D90	0_2_00409D90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00418EE0	0_2_00418EE0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00CDAE7E	0_2_00CDAE7E
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00483EF0	0_2_00483EF0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0040BFC0	0_2_0040BFC0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00482FE0	0_2_00482FE0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0048BFB0	0_2_0048BFB0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0152DEAD	0_2_0152DEAD

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 004DD5B0 appears 33 times
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 00469F00 appears 32 times
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 004622E0 appears 35 times
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 00402D00 appears 42 times
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 0046A190 appears 120 times
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: String function: 00462150 appears 40 times

Source: 9vZbHuuOq6.exe

Static PE information: invalid certificate

Source: 9vZbHuuOq6.exe, 00000000.00000000.1617659375.0000000001590000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamexml_magik.exe8 vs 9vZbHuuOq6.exe
Source: 9vZbHuuOq6.exe	Binary or memory string: OriginalFilenamexml_magik.exe8 vs 9vZbHuuOq6.exe

Source: 9vZbHuuOq6.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: classification engine

Classification label: mal96.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 9vZbHuuOq6.exe, 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

Source: 9vZbHuuOq6.exe	Virustotal: Detection: 67%
Source: 9vZbHuuOq6.exe	ReversingLabs: Detection: 54%

Source: 9vZbHuuOq6.exe

String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

File read: C:\Users\user\Desktop\9vZbHuuOq6.exe

Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Section loaded: mswsock.dll	Jump to behavior

Source: 9vZbHuuOq6.exe

Static file information: File size 8876792 > 1048576

Source: 9vZbHuuOq6.exe

Static PE information: Raw size of .MPRESS1 is bigger than: 0x100000 < 0x86c200

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Unpacked PE file: 0.2.9vZbHuuOq6.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_00418BB0 LoadLibraryA,GetProcAddress,

0_2_00418BB0

Source: initial sample

Static PE information: section where entry point is pointing to: .MPRESS2

Source: 9vZbHuuOq6.exe	Static PE information: section name: .MPRESS1
Source: 9vZbHuuOq6.exe	Static PE information: section name: .MPRESS2

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006ED748 push edx; mov dword ptr [esp], 3BBD5B6Ah	0_2_0097D09E
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A6C55 push ecx; mov dword ptr [esp], esp	0_2_009900CA
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00592243 push eax; mov dword ptr [esp], ecx	0_2_0098800D
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006A09D3 push 06718C5Ch; mov dword ptr [esp], ecx	0_2_009651B2
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A65B9 push ebp; mov dword ptr [esp], esp	0_2_0095D1C5
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A6DD6 push ecx; mov dword ptr [esp], ebx	0_2_0097F138
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004DD189 push ecx; ret	0_2_004DD19C
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00692488 push 0F84AB2Fh; mov dword ptr [esp], edx	0_2_00961D48
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005B300B push ebp; mov dword ptr [esp], eax	0_2_0097015F
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005B300B push 6C8B1C56h; mov dword ptr [esp], eax	0_2_00977BE3
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006A476A push 6E368399h; mov dword ptr [esp], eax	0_2_0094D2F3
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0067F050 push ecx; mov dword ptr [esp], esi	0_2_0096C21B
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0067F050 push ecx; mov dword ptr [esp], eax	0_2_009782AF
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00599614 push edx; mov dword ptr [esp], esi	0_2_0094325B
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00599614 push 1342D5EBh; mov dword ptr [esp], eax	0_2_00956CAA
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0067C440 push 7C6DB4EDh; mov dword ptr [esp], esp	0_2_0097438E
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A3F6A push 61186C83h; mov dword ptr [esp], eax	0_2_00986EFB
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006EF638 push ecx; mov dword ptr [esp], ebx	0_2_009613DE
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006DE625 push ecx; mov dword ptr [esp], esi	0_2_0095D3F2
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00583288 push ebx; mov dword ptr [esp], esi	0_2_0097E310
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006D5E1B push 547DE74Ch; mov dword ptr [esp], edx	0_2_0097C49A
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006D5E1B push ebp; mov dword ptr [esp], 6FD7042Dh	0_2_0097C4A1
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006D5E1B push ebp; mov dword ptr [esp], eax	0_2_00998A38
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A49C2 push 412391C8h; mov dword ptr [esp], ecx	0_2_009940F1
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005A61F2 push 59739203h; mov dword ptr [esp], esi	0_2_0095C42B
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_006D6457 push edx; mov dword ptr [esp], 3F2DDC60h	0_2_00991E5D
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00584DD0 push eax; mov dword ptr [esp], 16AB23CEh	0_2_009925F9
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00581D14 push esi; mov dword ptr [esp], edi	0_2_00962548
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0067D79E push ebx; mov dword ptr [esp], ecx	0_2_0095F55B
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_005ABED2 push ecx; mov dword ptr [esp], edi	0_2_0095F604
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0071FC27 push ebp; mov dword ptr [esp], edi	0_2_00963565

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_00481A30 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00481A30

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Sandbox detection routine: GetCursorPos, DecisionNode, Sleep

graph_0-41809

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_0-41810

Found stalling execution ending in API Sleep call

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Stalling execution: Execution stalls by calling Sleep

graph_0-41754

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,

0_2_0045D9F0

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Window / User API: threadDelayed 6042

Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-41761

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe TID: 6576	Thread sleep count: 43 > 30			Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe TID: 6576	Thread sleep count: 6042 > 30			Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00464270 GetKeyboardLayoutList followed by cmp: cmp esi, edi and CTI: je 00464293h		0_2_00464270
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004624B0 GetKeyboardLayoutList followed by cmp: cmp eax, 2eh and CTI: jc 004624C0h country: Upper Sorbian (hsb)		0_2_004624B0

Source: 9vZbHuuOq6.exe, 00000000.00000002.2872560581.000000000164A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_00418BB0 LoadLibraryA,GetProcAddress,

0_2_00418BB0

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0045D9F0 mov eax, dword ptr fs:[00000030h]	0_2_0045D9F0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0045D9F0 mov eax, dword ptr fs:[00000030h]	0_2_0045D9F0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041AB90 mov eax, dword ptr fs:[00000030h]	0_2_0041AB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004160B0 mov ecx, dword ptr fs:[00000030h]	0_2_004160B0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_004146B0 mov eax, dword ptr fs:[00000030h]	0_2_004146B0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041AB90 mov eax, dword ptr fs:[00000030h]	0_2_0041AB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041AB90 mov eax, dword ptr fs:[00000030h]	0_2_0041AB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041AB90 mov eax, dword ptr fs:[00000030h]	0_2_0041AB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_00414ED0 mov eax, dword ptr fs:[00000030h]	0_2_00414ED0
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041AB90 mov eax, dword ptr fs:[00000030h]	0_2_0041AB90
Source: C:\Users\user\Desktop\9vZbHuuOq6.exe	Code function: 0_2_0041EF10 mov eax, dword ptr fs:[00000030h]	0_2_0041EF10

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_00409690 OutputDebugStringA,GetModuleHandleA,GetProcAddress,GetProcessHeap,RtlAllocateHeap,HeapFree,RtlAllocateHeap,HeapFree,

0_2_00409690

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_004149F0 cpuid

0_2_004149F0

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_004DC84D GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_004DC84D

Source: C:\Users\user\Desktop\9vZbHuuOq6.exe

Code function: 0_2_0040AF70 GetModuleHandleA,GetProcAddress,GetVersionExA,

0_2_0040AF70

Stealing of Sensitive Information

Yara detected RisePro Stealer

Source: Yara match	File source: 0.2.9vZbHuuOq6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: 9vZbHuuOq6.exe PID: 6584, type: MEMORYSTR

Remote Access Functionality

Yara detected RisePro Stealer

Source: Yara match	File source: 0.2.9vZbHuuOq6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: 9vZbHuuOq6.exe PID: 6584, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	43 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	43 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	25 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
9vZbHuuOq6.exe	68%	Virustotal		Browse
9vZbHuuOq6.exe	54%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll	9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	9vZbHuuOq6.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.winimage.com/zLibDll	9vZbHuuOq6.exe, 9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	false		high
https://t.me/RiseProSUPPORT	9vZbHuuOq6.exe, 00000000.00000002.2872560581.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sectigo.com/CPS0	9vZbHuuOq6.exe	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	9vZbHuuOq6.exe	false	URL Reputation: safe URL Reputation: safe	unknown
https://ipinfo.io/	9vZbHuuOq6.exe	false		high
https://www.maxmind.com/en/locate-my-ip-address	9vZbHuuOq6.exe	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	9vZbHuuOq6.exe	false	URL Reputation: safe	unknown
http://www.winimage.com/zLibDllDpRTpR	9vZbHuuOq6.exe, 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.233.132.253	unknown	Russian Federation		2895	FREE-NET-ASFREEnetEU	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436575
Start date and time:	2024-05-06 02:58:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	9vZbHuuOq6.exe renamed because original name is a hash value
Original Sample Name:	67696e7aa22ad87ce8ccec3a1baf5fd8.exe
Detection:	MAL
Classification:	mal96.troj.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
193.233.132.253	WlCIinu0yp.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT	Browse	193.233.132.253/lumma2804.exe
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse	193.233.132.253/lumma2804.exe
	2q45IEa3Ee.exe	Get hash	malicious	LummaC, RisePro Stealer	Browse	193.233.132.253/lumma1504.exe
	TANQUIVUIA.exe	Get hash	malicious	LummaC, RisePro Stealer	Browse	193.233.132.253/lumma1504.exe
	SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exe	Get hash	malicious	Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	193.233.132.253/lumma1104.exe
	80OrFCsz0u.exe	Get hash	malicious	GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	193.233.132.253/lumma1104.exe
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer	Browse	193.233.132.253/lumma1104.exe
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer	Browse	193.233.132.253/lumma1104.exe
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer	Browse	193.233.132.253/lumma1104.exe
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer	Browse	193.233.132.253/lumma1104.exe

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FREE-NET-ASFREEnetEU	ABD88D155FC99F529EDC0F725A4151C61126B7890BC6B.exe	Get hash	malicious	DCRat	Browse	147.45.44.3
	1CMweaqlKp.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	147.45.47.93
	SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	file.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	vEaFCBsRb7.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	oO2wHSVFJM.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	hYrJbjnzVc.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	KhbShPK91I.exe	Get hash	malicious	Unknown	Browse	193.233.132.56
	4yFaZU8fhT.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93
	RY5YJaMEWE.exe	Get hash	malicious	RisePro Stealer	Browse	147.45.47.93

File type:	MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Entropy (8bit):	7.998746823436833
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	9vZbHuuOq6.exe
File size:	8'876'792 bytes
MD5:	67696e7aa22ad87ce8ccec3a1baf5fd8
SHA1:	bd9667590d20f06a917fb4cd3dee90c7263e2f59
SHA256:	737096609aeeedacb11b6bc2c68c020ae35bc485ea3fbe061e07d9acfdceda24
SHA512:	dc678f01245a31053aa0726ad203a952e89c1e57084acccd4388a0cd177a0a8a07464c2de4e5cb01dc8fe3bf031a60968163906fc7c394c8345b484e1245fb7d
SSDEEP:	196608:4f356OlETt6y3sx673q1bRUPBHlk7oR7pnaO3uR9J+LaZR:+3YPRqKYsBF7TTE9J+Lar
TLSH:	88963358F106FBD5D5E9003E8794E3A6B9397C02AB5A928332F174ECF87BB861D15930
File Content Preview:	MZ@.....................................!..L.!Win32 .EXE...$@...PE..L......f...............'.4...p...............P....@..................................!..................................L...L...H....................Z.....................................

File Icon


Icon Hash:	0d4d1a1b696de7c9

Static PE Info

General

Entrypoint:	0x158f394
Entrypoint Section:	.MPRESS2
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x660FE6E7 [Fri Apr 5 11:56:23 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2f93cd80e5dfeca07d7e8b0f35545fb5

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=AVG Technologies USA LLC \ufffd\xa1\xa0@\ufffd
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	03/01/2024 10:48:44 04/01/2034 10:48:44
Subject Chain	CN=AVG Technologies USA LLC \ufffd\xa1\xa0@\ufffd
Version:	3
Thumbprint MD5:	A1AEF6A7FEC6D3C8F75A0AC57A3F4DBE
Thumbprint SHA-1:	EBB7D941B8CF7ED3D52D088AB7AE8AB0E0D8ECE6
Thumbprint SHA-256:	397B03015DBCAE0290503FD5D4A0A2DE50B9EF54118FC7ED8F754BCF0979574A
Serial:	123B429C3AFD48A34558FF520D424FC4

Entrypoint Preview

Instruction
pushad
call 00007FEAB55977F5h
pop eax
add eax, 00000B5Ah
mov esi, dword ptr [eax]
add esi, eax
sub eax, eax
mov edi, esi
lodsw
shl eax, 0Ch
mov ecx, eax
push eax
lodsd
sub ecx, eax
add esi, ecx
mov ecx, eax
push edi
push ecx
dec ecx
mov al, byte ptr [ecx+edi+06h]
mov byte ptr [ecx+esi], al
jne 00007FEAB55977E8h
sub eax, eax
lodsb
mov ecx, eax
and cl, FFFFFFF0h
and al, 0Fh
shl ecx, 0Ch
mov ch, al
lodsb
or ecx, eax
push ecx
add cl, ch
mov ebp, FFFFFD00h
shl ebp, cl
pop ecx
pop eax
mov ebx, esp
lea esp, dword ptr [esp+ebp*2-00000E70h]
push ecx
sub ecx, ecx
push ecx
push ecx
mov ecx, esp
push ecx
mov dx, word ptr [edi]
shl edx, 0Ch
push edx
push edi
add ecx, 04h
push ecx
push eax
add ecx, 04h
push esi
push ecx
call 00007FEAB5597853h
mov esp, ebx
pop esi
pop edx
sub eax, eax
mov dword ptr [edx+esi], eax
mov ah, 10h
sub edx, eax
sub ecx, ecx
cmp ecx, edx
jnc 00007FEAB5597818h
mov ebx, ecx
lodsb
inc ecx
and al, FEh
cmp al, E8h
jne 00007FEAB55977E4h
inc ebx
add ecx, 04h
lodsd
or eax, eax
js 00007FEAB55977F8h
cmp eax, edx
jnc 00007FEAB55977D7h
jmp 00007FEAB55977F8h
add eax, ebx
js 00007FEAB55977D1h
add eax, edx
sub eax, ebx
mov dword ptr [esi-04h], eax
jmp 00007FEAB55977C8h
call 00007FEAB55977F5h
pop edi
add edi, FFFFFF4Dh
mov al, E9h
stosb
mov eax, 00000B56h
stosd
call 00007FEAB55977F5h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x118f000	0x4c	.MPRESS2
IMAGE_DIRECTORY_ENTRY_IMPORT	0x118f04c	0x348	.MPRESS2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1190000	0x85b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x875a00	0x18f8	.MPRESS1
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x118ff00	0x18	.MPRESS2
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x118f178	0x68	.MPRESS2
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x1039038	0x40	.MPRESS1
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.MPRESS1	0x1000	0x118e000	0x86c200	0b1a2cd39e3ac66beb4072d742814790	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.MPRESS2	0x118f000	0xf20	0x1000	7ad997797edb7966c71ff454ec539dbb	False	0.548095703125	data	5.8587231948232095	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1190000	0x85b0	0x8600	0d29871840debb65436ee64b831e1db3	False	0.22353078358208955	data	2.8806711510228955	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
DABDUMP	0x1169594	0x102a	empty	English	United States	0
DABDUMP	0x116a5c0	0x867	empty	English	United States	0
DABDUMP	0x116ae28	0x52a	empty	English	United States	0
DABDUMP	0x116b354	0xa5	empty	English	United States	0
DABDUMP	0x116b3fc	0x316	empty	English	United States	0
DABDUMP	0x116b714	0x1464	empty	English	United States	0
DABDUMP	0x116cb78	0x275	empty	English	United States	0
DABDUMP	0x116cdf0	0x3c6a	empty	English	United States	0
DABDUMP	0x1170a5c	0x21a	empty	English	United States	0
DABDUMP	0x1170c78	0x1323	empty	English	United States	0
DABDUMP	0x1171f9c	0xb89	empty	English	United States	0
DABDUMP	0x1172b28	0x35ca	empty	English	United States	0
DABDUMP	0x11760f4	0x28ea	empty	English	United States	0
DABDUMP	0x11789e0	0x2136	empty	English	United States	0
DABDUMP	0x117ab18	0x1bc	empty	English	United States	0
DABDUMP	0x117acd4	0x1000	empty	English	United States	0
DABDUMP	0x117bcd4	0xc22	empty	English	United States	0
DABDUMP	0x117c8f8	0x5b3	empty	English	United States	0
DABDUMP	0x117ceac	0xbc	empty	English	United States	0
IMAGE	0x117cf68	0xca4	empty	English	United States	0
IMAGE	0x117dc0c	0x1cd5	empty	English	United States	0
IMAGE	0x117f8e4	0xec3	empty	English	United States	0
IMAGE	0x11807a8	0x7938	empty	English	United States	0
IMAGE	0x11880e0	0xca4	empty	English	United States	0
RT_CURSOR	0x1188d84	0x134	empty	English	United States	0
RT_CURSOR	0x1188eb8	0x134	empty	English	United States	0
RT_CURSOR	0x1188fec	0x134	empty	English	United States	0
RT_CURSOR	0x1189120	0x134	empty	English	United States	0
RT_CURSOR	0x1189254	0x134	empty	English	United States	0
RT_CURSOR	0x1189388	0xb4	empty	English	United States	0
RT_BITMAP	0x118943c	0x88	empty	English	United States	0
RT_BITMAP	0x11894c4	0x17be	empty	English	United States	0
RT_BITMAP	0x118ac84	0x5e4	empty	English	United States	0
RT_BITMAP	0x118b268	0x5e4	empty	English	United States	0
RT_BITMAP	0x118b84c	0xb8	empty	English	United States	0
RT_ICON	0x1190ad4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.10549132947976879
RT_ICON	0x1191064	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.2427797833935018
RT_ICON	0x1191934	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.29838709677419356
RT_ICON	0x1191c44	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.37184115523465705
RT_ICON	0x1192514	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.22311827956989247
RT_ICON	0x1192824	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.21908602150537634
RT_ICON	0x1192b34	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.239247311827957
RT_ICON	0x1192e44	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.14516129032258066
RT_ICON	0x1193154	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.19359205776173286
RT_ICON	0x1193a24	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.29422382671480146
RT_ICON	0x11942f4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.20356472795497185
RT_ICON	0x11953c4	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.1773465703971119
RT_ICON	0x1195c94	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.25806451612903225
RT_ICON	0x1195fa4	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.15162454873646208
RT_ICON	0x1196874	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.16776315789473684
RT_ICON	0x11969cc	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.1875
RT_ICON	0x1196b24	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.16776315789473684
RT_ICON	0x1196c7c	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.1611842105263158
RT_ICON	0x1196dd4	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.1875
RT_ICON	0x1196f2c	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 256	English	United States	0.17105263157894737
RT_ICON	0x1197084	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.12634408602150538
RT_DIALOG	0x118b904	0x488	empty	English	United States	0
RT_DIALOG	0x118bd8c	0x26e	empty	English	United States	0
RT_DIALOG	0x118bffc	0x594	empty	English	United States	0
RT_DIALOG	0x118c590	0x25e	empty	English	United States	0
RT_STRING	0x118c7f0	0xf0	empty	English	United States	0
RT_STRING	0x118c8e0	0x3e	empty	English	United States	0
RT_STRING	0x118c920	0x1ca	empty	English	United States	0
RT_STRING	0x118caec	0x166	empty	English	United States	0
RT_STRING	0x118cc54	0x1a0	empty	English	United States	0
RT_STRING	0x118cdf4	0x1bc	empty	English	United States	0
RT_STRING	0x118cfb0	0x92	empty	English	United States	0
RT_STRING	0x118d044	0x78	empty	English	United States	0
RT_STRING	0x118d0bc	0x21a	empty	English	United States	0
RT_STRING	0x118d2d8	0x1f8	empty	English	United States	0
RT_STRING	0x118d4d0	0xde	empty	English	United States	0
RT_STRING	0x118d5b0	0x290	empty	English	United States	0
RT_STRING	0x118d840	0x152	empty	English	United States	0
RT_STRING	0x118d994	0x11a	empty	English	United States	0
RT_STRING	0x118dab0	0x2ee	empty	English	United States	0
RT_STRING	0x118dda0	0x196	empty	English	United States	0
RT_STRING	0x118df38	0x2e2	empty	English	United States	0
RT_STRING	0x118e21c	0x490	empty	English	United States	0
RT_STRING	0x118e6ac	0xb2	empty	English	United States	0
RT_STRING	0x118e760	0x110	empty	English	United States	0
RT_STRING	0x118e870	0x126	empty	English	United States	0
RT_GROUP_CURSOR	0x118e998	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x118e9ac	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x118e9c0	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x118e9d4	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x118e9e8	0x22	empty	English	United States	0
RT_GROUP_ICON	0x1197a48	0x22	data	English	United States	1.0588235294117647
RT_GROUP_ICON	0x1197a94	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197ad0	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197b0c	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197b48	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197b84	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197bc0	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197bfc	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197c38	0x22	data	English	United States	1.0294117647058822
RT_GROUP_ICON	0x1197c84	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197cc0	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197cfc	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x1197d38	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197d74	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197db0	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197dec	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197e28	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197e64	0x14	data	English	United States	1.15
RT_GROUP_ICON	0x1197ea0	0x14	data	English	United States	1.25
RT_VERSION	0x1197ef4	0x3b0	data	Polish	Poland	0.4311440677966102
RT_MANIFEST	0x11982e4	0x2ca	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5028011204481793

Imports

DLL	Import
KERNEL32.DLL	GetModuleHandleA, GetProcAddress
USER32.dll	wsprintfA
GDI32.dll	CreateCompatibleBitmap
ADVAPI32.dll	RegQueryValueExA
SHELL32.dll	ShellExecuteA
ole32.dll	CoInitialize
WS2_32.dll	WSAStartup
CRYPT32.dll	CryptUnprotectData
SHLWAPI.dll	PathFindExtensionA
gdiplus.dll	GdipGetImageEncoders
SETUPAPI.dll	SetupDiEnumDeviceInfo
ntdll.dll	RtlUnicodeStringToAnsiString
RstrtMgr.DLL	RmStartSession

Exports

Name	Ordinal	Address
Start	1	0x461330

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Polish	Poland

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2024 02:59:01.178380013 CEST	49732	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:01.448333979 CEST	50500	49732	193.233.132.253	192.168.2.4
May 6, 2024 02:59:01.969142914 CEST	49732	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:02.239106894 CEST	50500	49732	193.233.132.253	192.168.2.4
May 6, 2024 02:59:02.754468918 CEST	49732	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:03.024291039 CEST	50500	49732	193.233.132.253	192.168.2.4
May 6, 2024 02:59:03.535717964 CEST	49732	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:03.805386066 CEST	50500	49732	193.233.132.253	192.168.2.4
May 6, 2024 02:59:04.316997051 CEST	49732	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:04.586764097 CEST	50500	49732	193.233.132.253	192.168.2.4
May 6, 2024 02:59:04.709016085 CEST	49733	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:04.980067968 CEST	50500	49733	193.233.132.253	192.168.2.4
May 6, 2024 02:59:05.487328053 CEST	49733	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:05.758261919 CEST	50500	49733	193.233.132.253	192.168.2.4
May 6, 2024 02:59:06.270170927 CEST	49733	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:06.541043997 CEST	50500	49733	193.233.132.253	192.168.2.4
May 6, 2024 02:59:07.051423073 CEST	49733	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:07.322325945 CEST	50500	49733	193.233.132.253	192.168.2.4
May 6, 2024 02:59:07.832602024 CEST	49733	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:08.103502989 CEST	50500	49733	193.233.132.253	192.168.2.4
May 6, 2024 02:59:08.247848988 CEST	49734	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:08.508882046 CEST	50500	49734	193.233.132.253	192.168.2.4
May 6, 2024 02:59:09.020204067 CEST	49734	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:09.281312943 CEST	50500	49734	193.233.132.253	192.168.2.4
May 6, 2024 02:59:09.785799980 CEST	49734	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:10.046844006 CEST	50500	49734	193.233.132.253	192.168.2.4
May 6, 2024 02:59:10.551443100 CEST	49734	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:10.812558889 CEST	50500	49734	193.233.132.253	192.168.2.4
May 6, 2024 02:59:11.316971064 CEST	49734	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:11.577980042 CEST	50500	49734	193.233.132.253	192.168.2.4
May 6, 2024 02:59:12.004964113 CEST	49735	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:12.274863958 CEST	50500	49735	193.233.132.253	192.168.2.4
May 6, 2024 02:59:12.785823107 CEST	49735	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:13.055596113 CEST	50500	49735	193.233.132.253	192.168.2.4
May 6, 2024 02:59:13.567332029 CEST	49735	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:13.836966991 CEST	50500	49735	193.233.132.253	192.168.2.4
May 6, 2024 02:59:14.348351002 CEST	49735	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:14.618202925 CEST	50500	49735	193.233.132.253	192.168.2.4
May 6, 2024 02:59:15.129482985 CEST	49735	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:15.399285078 CEST	50500	49735	193.233.132.253	192.168.2.4
May 6, 2024 02:59:15.540800095 CEST	49742	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:15.810971022 CEST	50500	49742	193.233.132.253	192.168.2.4
May 6, 2024 02:59:16.317102909 CEST	49742	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:16.587234974 CEST	50500	49742	193.233.132.253	192.168.2.4
May 6, 2024 02:59:17.098361015 CEST	49742	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:17.368509054 CEST	50500	49742	193.233.132.253	192.168.2.4
May 6, 2024 02:59:17.879492044 CEST	49742	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:18.149641037 CEST	50500	49742	193.233.132.253	192.168.2.4
May 6, 2024 02:59:18.660747051 CEST	49742	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:18.930846930 CEST	50500	49742	193.233.132.253	192.168.2.4
May 6, 2024 02:59:19.051657915 CEST	49743	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:19.311604023 CEST	50500	49743	193.233.132.253	192.168.2.4
May 6, 2024 02:59:19.817085981 CEST	49743	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:20.077068090 CEST	50500	49743	193.233.132.253	192.168.2.4
May 6, 2024 02:59:20.582638025 CEST	49743	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:20.845453024 CEST	50500	49743	193.233.132.253	192.168.2.4
May 6, 2024 02:59:21.348390102 CEST	49743	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:21.608361006 CEST	50500	49743	193.233.132.253	192.168.2.4
May 6, 2024 02:59:22.113956928 CEST	49743	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:22.374006033 CEST	50500	49743	193.233.132.253	192.168.2.4
May 6, 2024 02:59:22.503684044 CEST	49744	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:22.762744904 CEST	50500	49744	193.233.132.253	192.168.2.4
May 6, 2024 02:59:23.270133972 CEST	49744	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:23.529151917 CEST	50500	49744	193.233.132.253	192.168.2.4
May 6, 2024 02:59:24.035746098 CEST	49744	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:24.294852972 CEST	50500	49744	193.233.132.253	192.168.2.4
May 6, 2024 02:59:24.801383018 CEST	49744	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:25.060467005 CEST	50500	49744	193.233.132.253	192.168.2.4
May 6, 2024 02:59:25.567120075 CEST	49744	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:25.826172113 CEST	50500	49744	193.233.132.253	192.168.2.4
May 6, 2024 02:59:26.192863941 CEST	49745	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:26.454266071 CEST	50500	49745	193.233.132.253	192.168.2.4
May 6, 2024 02:59:26.957608938 CEST	49745	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:27.219799042 CEST	50500	49745	193.233.132.253	192.168.2.4
May 6, 2024 02:59:27.723244905 CEST	49745	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:27.985213995 CEST	50500	49745	193.233.132.253	192.168.2.4
May 6, 2024 02:59:28.488868952 CEST	49745	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:28.750087023 CEST	50500	49745	193.233.132.253	192.168.2.4
May 6, 2024 02:59:29.254504919 CEST	49745	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:29.515826941 CEST	50500	49745	193.233.132.253	192.168.2.4
May 6, 2024 02:59:32.265851974 CEST	49746	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:32.540127039 CEST	50500	49746	193.233.132.253	192.168.2.4
May 6, 2024 02:59:33.223347902 CEST	49746	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:33.495963097 CEST	50500	49746	193.233.132.253	192.168.2.4
May 6, 2024 02:59:34.035974979 CEST	49746	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:34.308619022 CEST	50500	49746	193.233.132.253	192.168.2.4
May 6, 2024 02:59:34.817142010 CEST	49746	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:35.089745045 CEST	50500	49746	193.233.132.253	192.168.2.4
May 6, 2024 02:59:35.598393917 CEST	49746	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:35.873050928 CEST	50500	49746	193.233.132.253	192.168.2.4
May 6, 2024 02:59:36.004797935 CEST	49747	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:36.259445906 CEST	50500	49747	193.233.132.253	192.168.2.4
May 6, 2024 02:59:36.770267010 CEST	49747	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:37.024961948 CEST	50500	49747	193.233.132.253	192.168.2.4
May 6, 2024 02:59:37.535871029 CEST	49747	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:37.793184996 CEST	50500	49747	193.233.132.253	192.168.2.4
May 6, 2024 02:59:38.301383018 CEST	49747	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:38.556382895 CEST	50500	49747	193.233.132.253	192.168.2.4
May 6, 2024 02:59:39.067030907 CEST	49747	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:39.321783066 CEST	50500	49747	193.233.132.253	192.168.2.4
May 6, 2024 02:59:39.442717075 CEST	49748	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:39.710298061 CEST	50500	49748	193.233.132.253	192.168.2.4
May 6, 2024 02:59:40.223429918 CEST	49748	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:40.490247011 CEST	50500	49748	193.233.132.253	192.168.2.4
May 6, 2024 02:59:41.004607916 CEST	49748	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:41.271460056 CEST	50500	49748	193.233.132.253	192.168.2.4
May 6, 2024 02:59:41.785782099 CEST	49748	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:42.052716017 CEST	50500	49748	193.233.132.253	192.168.2.4
May 6, 2024 02:59:42.567037106 CEST	49748	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:42.833813906 CEST	50500	49748	193.233.132.253	192.168.2.4
May 6, 2024 02:59:42.965735912 CEST	49749	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:43.225596905 CEST	50500	49749	193.233.132.253	192.168.2.4
May 6, 2024 02:59:43.738965034 CEST	49749	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:43.997947931 CEST	50500	49749	193.233.132.253	192.168.2.4
May 6, 2024 02:59:44.504512072 CEST	49749	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:44.763364077 CEST	50500	49749	193.233.132.253	192.168.2.4
May 6, 2024 02:59:45.270154953 CEST	49749	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:45.532404900 CEST	50500	49749	193.233.132.253	192.168.2.4
May 6, 2024 02:59:46.051372051 CEST	49749	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:46.310308933 CEST	50500	49749	193.233.132.253	192.168.2.4
May 6, 2024 02:59:46.734625101 CEST	49750	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:46.990932941 CEST	50500	49750	193.233.132.253	192.168.2.4
May 6, 2024 02:59:47.504762888 CEST	49750	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:47.757189989 CEST	50500	49750	193.233.132.253	192.168.2.4
May 6, 2024 02:59:48.270275116 CEST	49750	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:48.524605036 CEST	50500	49750	193.233.132.253	192.168.2.4
May 6, 2024 02:59:49.035947084 CEST	49750	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:49.288425922 CEST	50500	49750	193.233.132.253	192.168.2.4
May 6, 2024 02:59:49.801500082 CEST	49750	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:50.053864002 CEST	50500	49750	193.233.132.253	192.168.2.4
May 6, 2024 02:59:51.225378990 CEST	49751	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:51.486432076 CEST	50500	49751	193.233.132.253	192.168.2.4
May 6, 2024 02:59:51.988917112 CEST	49751	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:52.247400045 CEST	50500	49751	193.233.132.253	192.168.2.4
May 6, 2024 02:59:52.754586935 CEST	49751	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:53.013012886 CEST	50500	49751	193.233.132.253	192.168.2.4
May 6, 2024 02:59:53.520175934 CEST	49751	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:53.778549910 CEST	50500	49751	193.233.132.253	192.168.2.4
May 6, 2024 02:59:54.285767078 CEST	49751	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:54.544253111 CEST	50500	49751	193.233.132.253	192.168.2.4
May 6, 2024 02:59:54.667769909 CEST	49753	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:54.943258047 CEST	50500	49753	193.233.132.253	192.168.2.4
May 6, 2024 02:59:55.457655907 CEST	49753	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:55.733251095 CEST	50500	49753	193.233.132.253	192.168.2.4
May 6, 2024 02:59:56.238922119 CEST	49753	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:56.514272928 CEST	50500	49753	193.233.132.253	192.168.2.4
May 6, 2024 02:59:57.020175934 CEST	49753	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:57.295741081 CEST	50500	49753	193.233.132.253	192.168.2.4
May 6, 2024 02:59:57.803391933 CEST	49753	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:58.078835011 CEST	50500	49753	193.233.132.253	192.168.2.4
May 6, 2024 02:59:58.212994099 CEST	49754	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:58.485562086 CEST	50500	49754	193.233.132.253	192.168.2.4
May 6, 2024 02:59:58.988929987 CEST	49754	50500	192.168.2.4	193.233.132.253
May 6, 2024 02:59:59.261439085 CEST	50500	49754	193.233.132.253	192.168.2.4
May 6, 2024 02:59:59.770174980 CEST	49754	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:00.042701960 CEST	50500	49754	193.233.132.253	192.168.2.4
May 6, 2024 03:00:00.551418066 CEST	49754	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:00.823935986 CEST	50500	49754	193.233.132.253	192.168.2.4
May 6, 2024 03:00:01.332657099 CEST	49754	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:01.605137110 CEST	50500	49754	193.233.132.253	192.168.2.4
May 6, 2024 03:00:01.727669954 CEST	49755	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:01.994330883 CEST	50500	49755	193.233.132.253	192.168.2.4
May 6, 2024 03:00:02.504548073 CEST	49755	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:02.771244049 CEST	50500	49755	193.233.132.253	192.168.2.4
May 6, 2024 03:00:03.288460016 CEST	49755	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:03.555144072 CEST	50500	49755	193.233.132.253	192.168.2.4
May 6, 2024 03:00:04.067047119 CEST	49755	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:04.334036112 CEST	50500	49755	193.233.132.253	192.168.2.4
May 6, 2024 03:00:04.848297119 CEST	49755	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:05.115024090 CEST	50500	49755	193.233.132.253	192.168.2.4
May 6, 2024 03:00:05.250725031 CEST	49756	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:05.505626917 CEST	50500	49756	193.233.132.253	192.168.2.4
May 6, 2024 03:00:06.020181894 CEST	49756	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:06.274421930 CEST	50500	49756	193.233.132.253	192.168.2.4
May 6, 2024 03:00:06.785881996 CEST	49756	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:07.041157007 CEST	50500	49756	193.233.132.253	192.168.2.4
May 6, 2024 03:00:07.551480055 CEST	49756	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:07.806168079 CEST	50500	49756	193.233.132.253	192.168.2.4
May 6, 2024 03:00:08.317075014 CEST	49756	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:08.571887016 CEST	50500	49756	193.233.132.253	192.168.2.4
May 6, 2024 03:00:08.697877884 CEST	49757	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:08.962774992 CEST	50500	49757	193.233.132.253	192.168.2.4
May 6, 2024 03:00:09.473297119 CEST	49757	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:09.738176107 CEST	50500	49757	193.233.132.253	192.168.2.4
May 6, 2024 03:00:10.239468098 CEST	49757	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:10.504451990 CEST	50500	49757	193.233.132.253	192.168.2.4
May 6, 2024 03:00:11.004553080 CEST	49757	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:11.269273043 CEST	50500	49757	193.233.132.253	192.168.2.4
May 6, 2024 03:00:11.775635004 CEST	49757	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:12.040411949 CEST	50500	49757	193.233.132.253	192.168.2.4
May 6, 2024 03:00:12.427867889 CEST	49758	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:12.703097105 CEST	50500	49758	193.233.132.253	192.168.2.4
May 6, 2024 03:00:13.207832098 CEST	49758	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:13.483172894 CEST	50500	49758	193.233.132.253	192.168.2.4
May 6, 2024 03:00:13.988982916 CEST	49758	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:14.264264107 CEST	50500	49758	193.233.132.253	192.168.2.4
May 6, 2024 03:00:14.770381927 CEST	49758	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:15.045856953 CEST	50500	49758	193.233.132.253	192.168.2.4
May 6, 2024 03:00:15.556477070 CEST	49758	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:15.831576109 CEST	50500	49758	193.233.132.253	192.168.2.4
May 6, 2024 03:00:16.851356030 CEST	49759	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:17.117057085 CEST	50500	49759	193.233.132.253	192.168.2.4
May 6, 2024 03:00:17.629550934 CEST	49759	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:17.895308971 CEST	50500	49759	193.233.132.253	192.168.2.4
May 6, 2024 03:00:18.395195007 CEST	49759	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:18.661062002 CEST	50500	49759	193.233.132.253	192.168.2.4
May 6, 2024 03:00:19.176426888 CEST	49759	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:19.442183971 CEST	50500	49759	193.233.132.253	192.168.2.4
May 6, 2024 03:00:20.051435947 CEST	49759	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:20.317148924 CEST	50500	49759	193.233.132.253	192.168.2.4
May 6, 2024 03:00:20.442528963 CEST	49760	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:20.712065935 CEST	50500	49760	193.233.132.253	192.168.2.4
May 6, 2024 03:00:21.254579067 CEST	49760	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:21.524220943 CEST	50500	49760	193.233.132.253	192.168.2.4
May 6, 2024 03:00:22.035907030 CEST	49760	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:22.306014061 CEST	50500	49760	193.233.132.253	192.168.2.4
May 6, 2024 03:00:22.817198992 CEST	49760	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:23.088584900 CEST	50500	49760	193.233.132.253	192.168.2.4
May 6, 2024 03:00:23.598347902 CEST	49760	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:23.867965937 CEST	50500	49760	193.233.132.253	192.168.2.4
May 6, 2024 03:00:23.998816967 CEST	49761	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:24.260611057 CEST	50500	49761	193.233.132.253	192.168.2.4
May 6, 2024 03:00:24.770349979 CEST	49761	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:25.032130003 CEST	50500	49761	193.233.132.253	192.168.2.4
May 6, 2024 03:00:25.535826921 CEST	49761	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:25.797604084 CEST	50500	49761	193.233.132.253	192.168.2.4
May 6, 2024 03:00:26.301449060 CEST	49761	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:26.563108921 CEST	50500	49761	193.233.132.253	192.168.2.4
May 6, 2024 03:00:27.067064047 CEST	49761	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:27.328790903 CEST	50500	49761	193.233.132.253	192.168.2.4
May 6, 2024 03:00:27.459606886 CEST	49762	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:27.720678091 CEST	50500	49762	193.233.132.253	192.168.2.4
May 6, 2024 03:00:28.223320961 CEST	49762	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:28.487535954 CEST	50500	49762	193.233.132.253	192.168.2.4
May 6, 2024 03:00:28.989074945 CEST	49762	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:29.250139952 CEST	50500	49762	193.233.132.253	192.168.2.4
May 6, 2024 03:00:29.754666090 CEST	49762	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:30.016915083 CEST	50500	49762	193.233.132.253	192.168.2.4
May 6, 2024 03:00:30.520203114 CEST	49762	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:30.781291962 CEST	50500	49762	193.233.132.253	192.168.2.4
May 6, 2024 03:00:30.918519020 CEST	49763	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:31.185955048 CEST	50500	49763	193.233.132.253	192.168.2.4
May 6, 2024 03:00:31.692076921 CEST	49763	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:31.959517956 CEST	50500	49763	193.233.132.253	192.168.2.4
May 6, 2024 03:00:32.473330975 CEST	49763	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:32.740839958 CEST	50500	49763	193.233.132.253	192.168.2.4
May 6, 2024 03:00:33.254673004 CEST	49763	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:33.522083044 CEST	50500	49763	193.233.132.253	192.168.2.4
May 6, 2024 03:00:34.035953999 CEST	49763	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:34.303356886 CEST	50500	49763	193.233.132.253	192.168.2.4
May 6, 2024 03:00:34.427550077 CEST	49764	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:34.687120914 CEST	50500	49764	193.233.132.253	192.168.2.4
May 6, 2024 03:00:35.192079067 CEST	49764	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:35.451719999 CEST	50500	49764	193.233.132.253	192.168.2.4
May 6, 2024 03:00:35.957742929 CEST	49764	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:36.218174934 CEST	50500	49764	193.233.132.253	192.168.2.4
May 6, 2024 03:00:36.723354101 CEST	49764	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:36.983572006 CEST	50500	49764	193.233.132.253	192.168.2.4
May 6, 2024 03:00:37.489053965 CEST	49764	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:37.751811981 CEST	50500	49764	193.233.132.253	192.168.2.4
May 6, 2024 03:00:37.886632919 CEST	49765	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:38.139848948 CEST	50500	49765	193.233.132.253	192.168.2.4
May 6, 2024 03:00:38.645242929 CEST	49765	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:38.900235891 CEST	50500	49765	193.233.132.253	192.168.2.4
May 6, 2024 03:00:39.410835981 CEST	49765	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:39.663880110 CEST	50500	49765	193.233.132.253	192.168.2.4
May 6, 2024 03:00:40.176454067 CEST	49765	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:40.432024002 CEST	50500	49765	193.233.132.253	192.168.2.4
May 6, 2024 03:00:40.942112923 CEST	49765	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:41.195178986 CEST	50500	49765	193.233.132.253	192.168.2.4
May 6, 2024 03:00:41.319905043 CEST	49766	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:41.585621119 CEST	50500	49766	193.233.132.253	192.168.2.4
May 6, 2024 03:00:42.098366976 CEST	49766	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:42.364713907 CEST	50500	49766	193.233.132.253	192.168.2.4
May 6, 2024 03:00:42.879615068 CEST	49766	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:43.145318031 CEST	50500	49766	193.233.132.253	192.168.2.4
May 6, 2024 03:00:43.660835028 CEST	49766	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:43.930756092 CEST	50500	49766	193.233.132.253	192.168.2.4
May 6, 2024 03:00:44.442079067 CEST	49766	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:44.707676888 CEST	50500	49766	193.233.132.253	192.168.2.4
May 6, 2024 03:00:44.899101019 CEST	49767	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:45.160078049 CEST	50500	49767	193.233.132.253	192.168.2.4
May 6, 2024 03:00:45.660852909 CEST	49767	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:45.921685934 CEST	50500	49767	193.233.132.253	192.168.2.4
May 6, 2024 03:00:46.427891016 CEST	49767	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:46.688719988 CEST	50500	49767	193.233.132.253	192.168.2.4
May 6, 2024 03:00:47.192198038 CEST	49767	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:47.452914000 CEST	50500	49767	193.233.132.253	192.168.2.4
May 6, 2024 03:00:47.957746983 CEST	49767	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:48.218477964 CEST	50500	49767	193.233.132.253	192.168.2.4
May 6, 2024 03:00:48.349479914 CEST	49768	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:48.615288019 CEST	50500	49768	193.233.132.253	192.168.2.4
May 6, 2024 03:00:49.129580021 CEST	49768	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:49.395303011 CEST	50500	49768	193.233.132.253	192.168.2.4
May 6, 2024 03:00:49.899132967 CEST	49768	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:50.166145086 CEST	50500	49768	193.233.132.253	192.168.2.4
May 6, 2024 03:00:50.676563025 CEST	49768	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:50.942326069 CEST	50500	49768	193.233.132.253	192.168.2.4
May 6, 2024 03:00:51.457820892 CEST	49768	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:51.723690987 CEST	50500	49768	193.233.132.253	192.168.2.4
May 6, 2024 03:00:51.849201918 CEST	49769	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:52.110811949 CEST	50500	49769	193.233.132.253	192.168.2.4
May 6, 2024 03:00:52.614181995 CEST	49769	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:52.875766993 CEST	50500	49769	193.233.132.253	192.168.2.4
May 6, 2024 03:00:53.395332098 CEST	49769	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:53.657874107 CEST	50500	49769	193.233.132.253	192.168.2.4
May 6, 2024 03:00:54.176537037 CEST	49769	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:54.438163996 CEST	50500	49769	193.233.132.253	192.168.2.4
May 6, 2024 03:00:54.988998890 CEST	49769	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:55.250658989 CEST	50500	49769	193.233.132.253	192.168.2.4
May 6, 2024 03:00:55.396692991 CEST	49770	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:55.656337976 CEST	50500	49770	193.233.132.253	192.168.2.4
May 6, 2024 03:00:56.192130089 CEST	49770	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:56.451601028 CEST	50500	49770	193.233.132.253	192.168.2.4
May 6, 2024 03:00:56.957734108 CEST	49770	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:57.217259884 CEST	50500	49770	193.233.132.253	192.168.2.4
May 6, 2024 03:00:57.723469973 CEST	49770	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:57.984484911 CEST	50500	49770	193.233.132.253	192.168.2.4
May 6, 2024 03:00:58.492238998 CEST	49770	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:58.751828909 CEST	50500	49770	193.233.132.253	192.168.2.4
May 6, 2024 03:00:58.880347967 CEST	49771	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:59.150708914 CEST	50500	49771	193.233.132.253	192.168.2.4
May 6, 2024 03:00:59.660963058 CEST	49771	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:00:59.927459955 CEST	50500	49771	193.233.132.253	192.168.2.4
May 6, 2024 03:01:00.442131042 CEST	49771	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:01:00.711503983 CEST	50500	49771	193.233.132.253	192.168.2.4
May 6, 2024 03:01:01.223460913 CEST	49771	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:01:01.490575075 CEST	50500	49771	193.233.132.253	192.168.2.4
May 6, 2024 03:01:02.004632950 CEST	49771	50500	192.168.2.4	193.233.132.253
May 6, 2024 03:01:02.271338940 CEST	50500	49771	193.233.132.253	192.168.2.4

Target ID:	0
Start time:	02:58:54
Start date:	06/05/2024
Path:	C:\Users\user\Desktop\9vZbHuuOq6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\9vZbHuuOq6.exe"
Imagebase:	0x400000
File size:	8'876'792 bytes
MD5 hash:	67696E7AA22AD87CE8CCEC3A1BAF5FD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.5%
Total number of Nodes:	389
Total number of Limit Nodes:	58

Executed Functions

Function 0041E220 Relevance: 18.3, APIs: 12, Instructions: 260
networksleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(FFFFFFFF,0000FFFF,00001006,?,00000008), ref: 0041E2B2
recv.WS2_32(?,00000004,00000002), ref: 0041E2CD
WSAGetLastError.WS2_32 ref: 0041E2D1
recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 0041E34F
recv.WS2_32(00000000,0000000C,00000008), ref: 0041E370
setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 0041E40C
recv.WS2_32(00000000,?,00000008), ref: 0041E427

Part of subcall function 0041D430: WSAStartup.WS2_32 ref: 0041D45A
Part of subcall function 0041D430: socket.WS2_32(?,?,?), ref: 0041D4FD
Part of subcall function 0041D430: connect.WS2_32(00000000,?,?), ref: 0041D511
Part of subcall function 0041D430: closesocket.WS2_32(00000000), ref: 0041D51D
Part of subcall function 0041D430: WSACleanup.WS2_32 ref: 0041D530

recv.WS2_32(?,00000004,00000008), ref: 0041E52F
__Xtime_get_ticks.LIBCPMT ref: 0041E536
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041E544
Sleep.KERNEL32(00000001,00000000,?,00002710,00000000), ref: 0041E5BD
Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 0041E5C5

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: recv$Sleepsetsockopt$CleanupErrorLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectsocket
String ID:
API String ID: 2144401278-0
Opcode ID: 44db78022ce7cb86e52f9ce30c650c0a51f2aa7bda62323fddde91d12fa6538a
Instruction ID: 445f019a92e67a07c5577944838b6ba889f153fe2f7e7f97530082f2635256d3
Opcode Fuzzy Hash: 44db78022ce7cb86e52f9ce30c650c0a51f2aa7bda62323fddde91d12fa6538a
Instruction Fuzzy Hash: BFB1BB74D00208DFDB10DFA5DC49BDEBBB1BF55308F20421AE514AB2D2E7B85989DB85

Uniqueness

Uniqueness Score: -1.00%

Function 0045D9F0 Relevance: 7.7, APIs: 5, Instructions: 159
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCursorPos.USER32(?), ref: 0045DA07
GetCursorPos.USER32(?), ref: 0045DA15
Sleep.KERNELBASE(000003E9,?,?,00000000,?,?,?,?,?,?,?,?,0045DDB8), ref: 0045DACA
GetCursorPos.USER32(?), ref: 0045DAD1
Sleep.KERNELBASE(00000001,?,?,00000000,?,?,?,?,?,?,?,?,0045DDB8), ref: 0045DB87

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cursor$Sleep
String ID:
API String ID: 1847515627-0
Opcode ID: c4591bf9691031c74ac81d3d91b402504cde8bdb698409130495207794fcc1ab
Instruction ID: 3ae8ae9da4e721699466eb19210c222f995b09c5e267ed4c544a27ebf6e68209
Opcode Fuzzy Hash: c4591bf9691031c74ac81d3d91b402504cde8bdb698409130495207794fcc1ab
Instruction Fuzzy Hash: 64519A31A082428FC724CF18C4D0E6AB7E2EF89705F19499EE8959B352D735FD49CB85

Uniqueness

Uniqueness Score: -1.00%

Function 014DCAC2 Relevance: 1.5, APIs: 1, Instructions: 11
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtSetInformationThread.NTDLL(00D71042,C293E2AD,01453C12,DB3A483A,CB32EBB0,5D2C888B,?,0146E08E,014C3590,E1A4413E,?,BDA8A009,014ECCA1,813E88A1), ref: 014DCAC6

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: InformationThread
String ID:
API String ID: 4046476035-0
Opcode ID: cc236359d73543cf197141e1397a1a9f3f77d24dcbd19cd9df3f5ccdc9e2f7f5
Instruction ID: 82d7fe5b794541b6993bc7d875a02199d7fd3bbced37cd69fd4cefa7eff13523
Opcode Fuzzy Hash: cc236359d73543cf197141e1397a1a9f3f77d24dcbd19cd9df3f5ccdc9e2f7f5
Instruction Fuzzy Hash: D2C01231E4030CDB46509E48D800158B3E0E648260F0181B99D1897310E6329E114682

Uniqueness

Uniqueness Score: -1.00%

Function 0041D430 Relevance: 7.6, APIs: 5, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 0041D45A
socket.WS2_32(?,?,?), ref: 0041D4FD
connect.WS2_32(00000000,?,?), ref: 0041D511
closesocket.WS2_32(00000000), ref: 0041D51D
WSACleanup.WS2_32 ref: 0041D530

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CleanupStartupclosesocketconnectsocket
String ID:
API String ID: 2410783842-0
Opcode ID: b8cec1b5da19e7e486ccadc28a86ccf17f59c24d9ac7475a9335b40b8a416d73
Instruction ID: 6a8b5d562f4db579dae361d41fe7059a0c53c704e49a862ea3616876fd78caed
Opcode Fuzzy Hash: b8cec1b5da19e7e486ccadc28a86ccf17f59c24d9ac7475a9335b40b8a416d73
Instruction Fuzzy Hash: 6431C572904710AFC7209F25EC446ABB7E5BFC4368F144B1EF874932E0E374A8488A56

Uniqueness

Uniqueness Score: -1.00%

Function 004F1AC4 Relevance: 4.8, APIs: 3, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6f3813e94120b2047d9362b1337ce667299d3a9b7c471ca04e7e3821e7cfd4
Instruction ID: e1f0bbcd43b77d7626f4e77856158d48870e96d21c9a9c54683f95f8a13591de
Opcode Fuzzy Hash: 7b6f3813e94120b2047d9362b1337ce667299d3a9b7c471ca04e7e3821e7cfd4
Instruction Fuzzy Hash: D5B15974E0424CEFDB11DF99D880BBE7BB1AF56304F14415AE6049B3A2C778AD42CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004F3893 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,hN), ref: 004F38D4

Strings

hN, xrefs: 004F38AC, 004F38A7, 004F38C0, 004F38CB

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AllocateHeap
String ID: hN
API String ID: 1279760036-3631290788
Opcode ID: 4b738e08c8238f13c158b6f4aebdfc83a859e181ea2e4dc4c4678612e856ec98
Instruction ID: e138f4603294848592488f8e504d332de797348aa899f191c1844a830e0ba78f
Opcode Fuzzy Hash: 4b738e08c8238f13c158b6f4aebdfc83a859e181ea2e4dc4c4678612e856ec98
Instruction Fuzzy Hash: 95F0BB3110052C67DB217F63DC05BBB37D89F517E2B154027BE08D6151CB3CD94556E9

Uniqueness

Uniqueness Score: -1.00%

Function 004F1FB3 Relevance: 2.6, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32(00000000,00000000,CF830579,?,004F1E9A,00000000,CF830579,0053DEE0,0000000C,004F1F56,004E62AD,?), ref: 004F2009
GetLastError.KERNEL32(?,004F1E9A,00000000,CF830579,0053DEE0,0000000C,004F1F56,004E62AD,?), ref: 004F2013

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 78de2ae522f5a605ebf5855348281caf9b3b05313d227ff89cb1f4387682573a
Instruction ID: 7325f995ab1d0edea04c9430a2d772de52edec8bb75abc569f0cf97b230181a8
Opcode Fuzzy Hash: 78de2ae522f5a605ebf5855348281caf9b3b05313d227ff89cb1f4387682573a
Instruction Fuzzy Hash: F311293360825C5ED62063795845B7F67898F9373CF25015FFB08872E2DF6D9982929C

Uniqueness

Uniqueness Score: -1.00%

Function 004E2032 Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca496ef47f0e7f3bd31ff4d0c6dd67ba7ae3da1b984ba6e74bea7cea9b832298
Instruction ID: a945f24e44b28e743e936d21751d2e95920c4c00ec505ba9b30c130e86fbcea3
Opcode Fuzzy Hash: ca496ef47f0e7f3bd31ff4d0c6dd67ba7ae3da1b984ba6e74bea7cea9b832298
Instruction Fuzzy Hash: 6151F670A00284AFDF14CF5ACD81AAABFB5EF45315F24815AF9085B352C3B5DE41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD80 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__fread_nolock.LIBCMT ref: 0040AE5B

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 99e0d63b71475c6052c150b354b93d123efdb9e30bf11dbcebd4af53bab1e08a
Instruction ID: 1127ce1ec7c8d27c0e919fcb5e8746caf44b64379a7458c512068b4d54095021
Opcode Fuzzy Hash: 99e0d63b71475c6052c150b354b93d123efdb9e30bf11dbcebd4af53bab1e08a
Instruction Fuzzy Hash: 06310770900344EBDB10EF6AC945B9F7BA8EF44754F10006EF505AB2C2D7B99A41CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00402F50 Relevance: 1.5, APIs: 1, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00402F9F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 5410288b21276262ceff9b4e06134ed30accaa22fa1f7f4ad07cb62e1c69a01c
Instruction ID: 922f6ea32f6fac839a196189dfb9ef5f71be3718e8211864cdecdc298bb8bebd
Opcode Fuzzy Hash: 5410288b21276262ceff9b4e06134ed30accaa22fa1f7f4ad07cb62e1c69a01c
Instruction Fuzzy Hash: 6AF0F0725401028BCB286F65D9098EAB3B8EE143A6310047FF88CD36D2E77ED840A784

Uniqueness

Uniqueness Score: -1.00%

Function 004F42CD Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,004F9713,4D88C033), ref: 004F42FF

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2198638593cbac858731316a311480fbe239b50477190752b525c17ad8c2d171
Instruction ID: 89252cde3629954a7dd651662e79814aadfa885b8aeb937b2ffe9774318fd193
Opcode Fuzzy Hash: 2198638593cbac858731316a311480fbe239b50477190752b525c17ad8c2d171
Instruction Fuzzy Hash: 23E0A02530421896D63126AA9C04BBB3A489BC23B8F160167BF0596291DF2CCC0181FE

Uniqueness

Uniqueness Score: -1.00%

Function 004EB74C Relevance: 1.3, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00000000,?,?,?,004EB856,00000000,?,00000000,00000002,0053DB98,00000000,00000000,00000000,0053DB98,0000000C,004E684E), ref: 004EB795

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 67635d8b729ae6903c65b0b30b5db55b4f67fedfa01514e4e7d532381152a944
Instruction ID: 384096725cce8be96e4ab00bbb6ce162e331f1cfeb537b4fcb45676fe5c1bc8b
Opcode Fuzzy Hash: 67635d8b729ae6903c65b0b30b5db55b4f67fedfa01514e4e7d532381152a944
Instruction Fuzzy Hash: 09014836210159AFCF058F6ACC0589F3B29EFC5321B240209F8109B2A0E734ED428BD0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0041AB90 Relevance: 181.7, Strings: 144, Instructions: 1711COMMON

Download Yara Rule

Strings

^, xrefs: 0041B1A5
U, xrefs: 0041BB0C
X, xrefs: 0041C156
S, xrefs: 0041BAF7
], xrefs: 0041B5C0
NAZ^E@J, xrefs: 0041B7C6
\, xrefs: 0041C133
\, xrefs: 0041B05E
S, xrefs: 0041BB28
^, xrefs: 0041B573
/, xrefs: 0041B0CE
NAZ^E@J, xrefs: 0041C3B7
NAZ^E@J, xrefs: 0041B73B
k, xrefs: 0041C1BF
L, xrefs: 0041B026
^, xrefs: 0041B02D
1, xrefs: 0041BB3D
V, xrefs: 0041C179
H, xrefs: 0041C72E
), xrefs: 0041C19C
V, xrefs: 0041B07A
m, xrefs: 0041C1AA
3, xrefs: 0041BB4B
NMD^D^, xrefs: 0041AE94
{, xrefs: 0041BB52
https://www.maxmind.com/en/locate-my-ip-address, xrefs: 0041C0AD
*, xrefs: 0041BB44
Z, xrefs: 0041C117
D]@oR]WQ, xrefs: 0041C644
>, xrefs: 0041C1E2
+, xrefs: 0041C1FE
N, xrefs: 0041B06C
+, xrefs: 0041C1D4
@, xrefs: 0041C584
^, xrefs: 0041B581
Z, xrefs: 0041C187
IO[Q, xrefs: 0041B773
Z, xrefs: 0041C16B
Content-Type: application/x-www-form-urlencoded, xrefs: 0041ACC6, 0041AFE0, 0041BA6B
h, xrefs: 0041C1CD
NAZ^E@J, xrefs: 0041C357
H, xrefs: 0041B5D5
@, xrefs: 0041C732
v, xrefs: 0041C1B8
IO[Q, xrefs: 0041B8D2
NAZ^, xrefs: 0041CCCA
NG[I, xrefs: 0041C6C8
w, xrefs: 0041C1C6
D^, xrefs: 0041ADED
y, xrefs: 0041B0C7
Y, xrefs: 0041C148
L, xrefs: 0041BAB8
&, xrefs: 0041B0E3
[, xrefs: 0041C18E
IKB_x\U[, xrefs: 0041BD7D
Z, xrefs: 0041B5E3
5, xrefs: 0041C1B1
, xrefs: 0041C1F7
[, xrefs: 0041BAE2
I, xrefs: 0041BAB1
Z, xrefs: 0041B5EA
T, xrefs: 0041BB05
-, xrefs: 0041B5F1
K, xrefs: 0041C141
S, xrefs: 0041C15D
^, xrefs: 0041B5CE
x@D^, xrefs: 0041CEA2
Z, xrefs: 0041B5A4
NAZ^E@J, xrefs: 0041C5E4
H, xrefs: 0041B081
c, xrefs: 0041C1F0
2, xrefs: 0041B0AB
NAZ^E@JwZRR, xrefs: 0041BDF2
D, xrefs: 0041B1A1
, xrefs: 0041C1DB
NG[I, xrefs: 0041B88B
W, xrefs: 0041B588
1, xrefs: 0041C1A3
^, xrefs: 0041B1CF
IKB_x\U[, xrefs: 0041BC3E
Z, xrefs: 0041B050
6, xrefs: 0041BB59
F, xrefs: 0041B57A
Y, xrefs: 0041C11E
\KZD, xrefs: 0041AD16
H, xrefs: 0041C580
X, xrefs: 0041BAE9
COBUB, xrefs: 0041C713
NG[I, xrefs: 0041C51A
Z, xrefs: 0041BB2F
Q, xrefs: 0041B5B9
IKB_x\U[, xrefs: 0041BCA5
T, xrefs: 0041BB1A
m, xrefs: 0041B5FF
\, xrefs: 0041C14F
P, xrefs: 0041C195
IO[Q, xrefs: 0041B6E8
NG[I, xrefs: 0041CD60
7, xrefs: 0041B0C0
NG[I, xrefs: 0041BED6
NG[I, xrefs: 0041B916
X, xrefs: 0041B09D
X, xrefs: 0041C125
n, xrefs: 0041BB36
COBUB, xrefs: 0041C565
IO[Q, xrefs: 0041B6B2
D, xrefs: 0041B56C
IO[Q, xrefs: 0041B847
A, xrefs: 0041BACD
5, xrefs: 0041B0D5
(, xrefs: 0041B0DC
D^D^, xrefs: 0041AE29
D, xrefs: 0041B1CB
], xrefs: 0041B59D
D, xrefs: 0041B057
., xrefs: 0041B5F8
NG[I, xrefs: 0041BF7D
], xrefs: 0041B5C7
], xrefs: 0041BAFE
,, xrefs: 0041B0B2
{, xrefs: 0041BB60
P, xrefs: 0041BADB
D]@oR]WQ, xrefs: 0041C4D3
D]@oR]WQ, xrefs: 0041C417
2, xrefs: 0041C1E9
P, xrefs: 0041B065
IKB_x\U[, xrefs: 0041BF39
#, xrefs: 0041B0B9
NMNMD^D^, xrefs: 0041AEBE
NAZ^E@J, xrefs: 0041C473
@, xrefs: 0041B5B2
\, xrefs: 0041B088
Y, xrefs: 0041BAC6
v, xrefs: 0041C7CE
NAZ^E@JwZRR, xrefs: 0041BD1A
R, xrefs: 0041BB21
F, xrefs: 0041B034
IKB_x\U[, xrefs: 0041BE92
U, xrefs: 0041C172
https://ipinfo.io/, xrefs: 0041B502
S, xrefs: 0041C13A
P, xrefs: 0041B0A4
], xrefs: 0041B58F
NAZ^E@J, xrefs: 0041C2F7

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: $ $#$&$($)$*$+$+$,$-$.$/$1$1$2$2$3$5$5$6$7$>$@$@$@$A$COBUB$COBUB$Content-Type: application/x-www-form-urlencoded$D$D$D$D$D]@oR]WQ$D]@oR]WQ$D]@oR]WQ$D^$D^D^$F$F$H$H$H$H$I$IKB_x\U[$IKB_x\U[$IKB_x\U[$IKB_x\U[$IKB_x\U[$IO[Q$IO[Q$IO[Q$IO[Q$IO[Q$K$L$L$N$NAZ^$NAZ^E@J$NAZ^E@J$NAZ^E@J$NAZ^E@J$NAZ^E@J$NAZ^E@J$NAZ^E@J$NAZ^E@JwZRR$NAZ^E@JwZRR$NG[I$NG[I$NG[I$NG[I$NG[I$NG[I$NG[I$NMD^D^$NMNMD^D^$P$P$P$P$Q$R$S$S$S$S$T$T$U$U$V$V$W$X$X$X$X$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$[$[$\$\$\$\$\KZD$]$]$]$]$]$^$^$^$^$^$^$c$h$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$k$m$m$n$v$v$w$x@D^$y${${
API String ID: 667068680-885736618
Opcode ID: 9bc20bda2cce80f10290e55c0ff1bb6db14e164cecedb3c19a61391e153ec16f
Instruction ID: af10e48e41735ffd3632e62ffe04eda334a77cc2672fc0ad9219d83fbf44dfaa
Opcode Fuzzy Hash: 9bc20bda2cce80f10290e55c0ff1bb6db14e164cecedb3c19a61391e153ec16f
Instruction Fuzzy Hash: 4D133C70908698D9DB22D768CD597DEBFB45F22308F0441DED1887B282D7B90F88DB66

Uniqueness

Uniqueness Score: -1.00%

Function 0044C160 Relevance: 106.5, Strings: 83, Instructions: 2710COMMON

Download Yara Rule

Strings

\, xrefs: 0044D4D1
oO[D, xrefs: 0044CB35
iG\S^@Wdat, xrefs: 0044C424, 0044C43F
(, xrefs: 0044E2B1
C]DG, xrefs: 0044E31F
,, xrefs: 0044D211
\, xrefs: 0044E1A7
x\N^, xrefs: 0044E8B6, 0044E8CC
AGJRP], xrefs: 0044DDD7, 0044DDEF
~ZJQ\, xrefs: 0044D012, 0044D024
s@\C, xrefs: 0044D455
bGAR, xrefs: 0044DE8F
nFJT^F, xrefs: 0044D56B, 0044D583
hMZ2, xrefs: 0044C7F7
cK[R, xrefs: 0044EB23
nALs^Q, xrefs: 0044E7EF, 0044E801
~^ZD, xrefs: 0044E5E5
2'1d, xrefs: 0044C9CA
ZAD], xrefs: 0044EB39
N[M`, xrefs: 0044DFEA
nAB_U], xrefs: 0044E247, 0044E25F
cGLXC]^Q, xrefs: 0044E705, 0044E71F
$2&, xrefs: 0044D78B
fABUES, xrefs: 0044D72B, 0044D743
^JqF, xrefs: 0044EB2D
tOATTJ, xrefs: 0044CE53, 0044CE6C
qJFCR]AP, xrefs: 0044C383
$, xrefs: 0044E767
VWYY, xrefs: 0044C280
\, xrefs: 0044D691
d\FT, xrefs: 0044D195
N[M`, xrefs: 0044EADD
hMZ2, xrefs: 0044D95A
i\NW^\, xrefs: 0044E097, 0044E0AF
yA]SY, xrefs: 0044E167, 0044E17C
iG\S, xrefs: 0044C1F5
hMZ2, xrefs: 0044E74A
nF]_\[FY, xrefs: 0044CC60, 0044CC7F
`OWD, xrefs: 0044E405
$$+-, xrefs: 0044C647
qlND, xrefs: 0044CABF
6", xrefs: 0044EA5C
(, xrefs: 0044CCD1
<, xrefs: 0044CECC
nF]_\]W[, xrefs: 0044E9A2, 0044E9BF
nF]_\W, xrefs: 0044C7B5, 0044C7CC
nG[BX], xrefs: 0044DC0D, 0044DC25
qJFC, xrefs: 0044C26E
b^JB, xrefs: 0044C5AC
}, xrefs: 0044D4AF
nF]_\[FYc_RO\H, xrefs: 0044DB2B, 0044DB43
nF]_\WcX@E, xrefs: 0044D2C3, 0044D2DF
, xrefs: 0044D05B
$, xrefs: 0044D977
K, xrefs: 0044EB43
o\NFT, xrefs: 0044C981, 0044C993
b^JBP, xrefs: 0044C6D5, 0044C6EC
N[M`, xrefs: 0044DC50
lZ@], xrefs: 0044EA96
$, xrefs: 0044C814
qjFCR]AP, xrefs: 0044C1C6, 0044C1DF
{GYQ, xrefs: 0044D615
)"6&, xrefs: 0044CEAA
rNZ2, xrefs: 0044C62A
<39;, xrefs: 0044CEC2
n\V@E]gUW, xrefs: 0044CA7F, 0044CA97
N[M`, xrefs: 0044C717
Xm@J|WW]T, xrefs: 0044DA18, 0044DA30
C, xrefs: 0044D37A
lCFW^, xrefs: 0044D0F1, 0044D103
b\MY, xrefs: 0044DF6C
cxftxs, xrefs: 0044CF54, 0044CF6C
nKAD, xrefs: 0044D44B
\, xrefs: 0044DD3A
nF]_, xrefs: 0044CD35
Obj3, xrefs: 0044D76E
R]AP, xrefs: 0044C274
q}[U, xrefs: 0044CF91
hJHU, xrefs: 0044C89D, 0044C8AF
nA@G^\, xrefs: 0044DCF7, 0044DD0F
JMZ2, xrefs: 0044D8E5
akL%, xrefs: 0044E56A
iG\S^@WwTXVJ@, xrefs: 0044C331, 0044C34F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: $ 6"$$$$$$$$$+-$$2&$($($)"6&$,$2'1d$<$<39;$AGJRP]$C$C]DG$JMZ2$K$N[M`$N[M`$N[M`$N[M`$Obj3$R]AP$VWYY$Xm@J|WW]T$ZAD]$\$\$\$\$^JqF$`OWD$akL%$bGAR$b\MY$b^JB$b^JBP$cGLXC]^Q$cK[R$cxftxs$d\FT$fABUES$hJHU$hMZ2$hMZ2$hMZ2$iG\S$iG\S^@Wdat$iG\S^@WwTXVJ@$i\NW^\$lCFW^$lZ@]$nA@G^\$nAB_U]$nALs^Q$nFJT^F$nF]_$nF]_\W$nF]_\WcX@E$nF]_\[FY$nF]_\[FYc_RO\H$nF]_\]W[$nG[BX]$nKAD$n\V@E]gUW$oO[D$o\NFT$qJFC$qJFCR]AP$qjFCR]AP$qlND$q}[U$rNZ2$s@\C$tOATTJ$x\N^$yA]SY${GYQ$}$~ZJQ\$~^ZD
API String ID: 0-3607767172
Opcode ID: 15599010ec18101d203b44aeb715c651d4df8ffaa7bb84b3fd79a3f7bf173eb9
Instruction ID: d0a8b0a6f9bd28e1d732ca30bea541d95a35adb2b9cc3745df5cd271690b03dc
Opcode Fuzzy Hash: 15599010ec18101d203b44aeb715c651d4df8ffaa7bb84b3fd79a3f7bf173eb9
Instruction Fuzzy Hash: 0D4390B0C006699ADF15DF68C9156EEBBB4AF15308F0442CED45837282DB791B8ACFD6

Uniqueness

Uniqueness Score: -1.00%

Function 00434B20 Relevance: 99.1, APIs: 3, Strings: 52, Instructions: 2840COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00434C41

Part of subcall function 0040AB40: __fread_nolock.LIBCMT ref: 0040AC3C

CreateDirectoryA.KERNEL32(?,00000000,?,515A7F71,?,00000000,515A7F71,515A7F72,?,?,AAHY_A,AAHY_A,00000000), ref: 00436806
CreateDirectoryA.KERNEL32(?,00000000), ref: 00436B77

Strings

W, xrefs: 00437106
KA]]bGQY\Bbju, xrefs: 00435F25, 00435F32
qEJI, xrefs: 00436C14
qMJB, xrefs: 00437474
AAHY_A, xrefs: 00435B91, 00435B9E
W, xrefs: 004373EC
\, xrefs: 00434DBC
}\@V, xrefs: 00434D00
X\C, xrefs: 00436155, 0043617F, 00436182, 00436183
_EXV, xrefs: 00434E68
Y, xrefs: 00436462
qMJB, xrefs: 004373D6
}O[X, xrefs: 00434DB1, 00434DB4
AAHY_A, xrefs: 00436696, 0043669C
juRJ, xrefs: 0043674E
\, xrefs: 0043694E
qMJB, xrefs: 00437194
]O\CF]AP, xrefs: 0043581B, 0043584F
]\@VX^V, xrefs: 00435421, 00435454
]O\CF]AP, xrefs: 0043654B, 0043657F
qEJI, xrefs: 00436D5B
KA]]bGQY\Bbju, xrefs: 00435F91, 00435F9E
W, xrefs: 004371A8
X\C, xrefs: 00435565, 00435592
AAHY_A, xrefs: 00435B41, 00435B4E
X\C, xrefs: 00435FDC, 00436009, 0043600C, 0043600D
NK]D, xrefs: 00437282
_, xrefs: 0043693E
qEJI, xrefs: 00436B85
cannot use operator[] with a string argument with , xrefs: 00437803, 0043785D
qEJI, xrefs: 00436EC4
AAHY_A, xrefs: 00434BBE, 00434BC5
qEJI, xrefs: 0043701E
]\@VX^V, xrefs: 00435D92, 00435DBF
qMJB, xrefs: 004370F0
_FFY, xrefs: 00436744
EA\D_S^Q, xrefs: 00436104, 00436111
qB@W, xrefs: 00434E58
q^]_qB@W, xrefs: 00434C92
AAHY_A, xrefs: 00435958, 0043595E
W, xrefs: 004375F2
3, xrefs: 00437814
W[_Q, xrefs: 00434C6C
W, xrefs: 00437313
AAHY_, xrefs: 004356B7, 004356E4
qEJI, xrefs: 00436E33
q^]_, xrefs: 00434C65
qMJB, xrefs: 004372FF
W, xrefs: 00437488
NK]D, xrefs: 0043755F
KA]]bGQY\Bbju, xrefs: 00435EC2, 00435ECF
qMJB, xrefs: 004375DE

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CreateDirectory$FolderPath__fread_nolock
String ID: 3$AAHY_$AAHY_A$AAHY_A$AAHY_A$AAHY_A$AAHY_A$EA\D_S^Q$KA]]bGQY\Bbju$KA]]bGQY\Bbju$KA]]bGQY\Bbju$NK]D$NK]D$W$W$W$W$W$W$W[_Q$X\C$X\C$X\C$Y$\$\$]O\CF]AP$]O\CF]AP$]\@VX^V$]\@VX^V$_$_EXV$_FFY$cannot use operator[] with a string argument with $juRJ$qB@W$qEJI$qEJI$qEJI$qEJI$qEJI$qEJI$qMJB$qMJB$qMJB$qMJB$qMJB$qMJB$q^]_$q^]_qB@W$}O[X$}\@V
API String ID: 2621208598-1229346615
Opcode ID: 4014f3027e0ac9fdcf7d3f68304ad18750d40ee9b4815e26f7903aea6ec37dca
Instruction ID: 8b1f9e8dc1e78d5b531f9d96a36e7c6f0b697dc3b6735c4dc3683cf700b88c9c
Opcode Fuzzy Hash: 4014f3027e0ac9fdcf7d3f68304ad18750d40ee9b4815e26f7903aea6ec37dca
Instruction Fuzzy Hash: 9A53D070C042989EDF25DB64CC487EEBBB4AF19308F1481DED44967282EB785B89CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD50 Relevance: 73.2, APIs: 16, Strings: 25, Instructions: 1490registryCOMMON

Download Yara Rule

APIs

Part of subcall function 004EAB9B: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EABCF

RegOpenKeyExA.ADVAPI32(80000002,?,00000000,x@D^y@D^,00000000), ref: 0040CF74
RegQueryValueExA.ADVAPI32(00000000,584C4F60,00000000,00020019,?,00000400), ref: 0040CFCC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,5E444078,00000000), ref: 0040D65A
RegQueryValueExA.ADVAPI32(00000000,54405C7D,00000000,00020019,?,00000400), ref: 0040D6B2
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040D9CA
GetKeyboardLayoutList.USER32(?,00000000), ref: 0040D9EE
LocalFree.KERNEL32(5E444078), ref: 0040DA8B
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 0040DC84
RegQueryValueExA.ADVAPI32(00000000,?,00000000,00020019,?,00000400), ref: 0040DCD9
Process32Next.KERNEL32(00000000,00000128), ref: 0040E076
Process32Next.KERNEL32(00000000,?), ref: 0040E0C2
CloseHandle.KERNEL32(00000000), ref: 0040E0CD
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 0040E181
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,01005D08), ref: 0040E218
RegQueryValueExA.ADVAPI32(01005D08,405C4769,00000000,000F003F,?,00000400), ref: 0040E26D
RegQueryValueExA.ADVAPI32(01005D08,405C4769,00000000,000F003F,?,00000400), ref: 0040E2B7

Strings

b, xrefs: 0040E4EA
iG\@, xrefs: 0040E237
1.9, xrefs: 0040CE57
]SJb, xrefs: 0040E285
DQGz, xrefs: 0040D680
F;=, xrefs: 0040CE39
$tc, xrefs: 0040E0D6
DEFAULT16, xrefs: 0040CE16
?/#, xrefs: 0040DC2F
|[, xrefs: 0040D84E
N35, xrefs: 0040DF22
xt:2, xrefs: 0040DD98
#=01, xrefs: 0040DC47
<23, xrefs: 0040E12B
?<*>, xrefs: 0040D608
TDRe, xrefs: 0040E0E4
x@D^y@D^, xrefs: 0040CF63
iO[U, xrefs: 0040CEAE
%m, xrefs: 0040D002, 0040D721, 0040DD14, 0040E2FF, 0040E317
PDDQ, xrefs: 0040E28C
]SJz, xrefs: 0040E23E
iG\@, xrefs: 0040E27E
&%8*, xrefs: 0040DC51
'\Y, xrefs: 0040DD3C
}\@T, xrefs: 0040D679

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: OpenQueryValue$KeyboardLayoutListNextProcess32$CloseFreeHandleLocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: $tc$#=01$%m$&%8*$'\Y$1.9$<23$?/#$?<*>$DEFAULT16$DQGz$F;=$N35$PDDQ$TDRe$]SJb$]SJz$b$iG\@$iG\@$iO[U$x@D^y@D^$xt:2$|[$}\@T
API String ID: 456262222-3629067819
Opcode ID: 5501d97b97f3cccc5fc26cfa1eaf39c5ab235c3113812405db05c79f3e1f13e5
Instruction ID: 4674737d974ad9736871ff28c0c8f5c7497e7a48f4589c1cd8c8aff0f44d3ffc
Opcode Fuzzy Hash: 5501d97b97f3cccc5fc26cfa1eaf39c5ab235c3113812405db05c79f3e1f13e5
Instruction Fuzzy Hash: BCE28F71C0025DDADB11DBA4CC45BEEB7B8BF15308F00419AE549B7282EBB81B89CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00438770 Relevance: 36.3, APIs: 1, Strings: 19, Instructions: 1278COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?,?,?,?), ref: 004388A3

Strings

q^]_, xrefs: 004388C7
cannot use operator[] with a string argument with , xrefs: 00439A06
P, xrefs: 004388DC
), xrefs: 004390B6
/, xrefs: 00438B26
#, xrefs: 004396D4
]O[X, xrefs: 004396BF, 004396C6
52si, xrefs: 00439123
\, xrefs: 00438C3B
FG[Q, xrefs: 00438D10
}\@V, xrefs: 00438960
u, xrefs: 0043912D
}O[X, xrefs: 004389F4, 004389F7
mf/9, xrefs: 0043910B
KGCU, xrefs: 0043948B
KGCU, xrefs: 00439423
\, xrefs: 004389FF
q^CQ, xrefs: 00438D00
W[_Q, xrefs: 004388CE

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: FolderPath
String ID: #$)$/$52si$FG[Q$KGCU$KGCU$P$W[_Q$\$\$]O[X$cannot use operator[] with a string argument with $mf/9$q^CQ$q^]_$u$}O[X$}\@V
API String ID: 1514166925-3031204171
Opcode ID: 83b7a6e883b2636806548bd4ae93b9f254fe958b1f112960b3a340fdef4319ce
Instruction ID: 96268e6c4ef77f7f33f3ce0b8211b03ddd8b975c00817b3561813b7a8be30a19
Opcode Fuzzy Hash: 83b7a6e883b2636806548bd4ae93b9f254fe958b1f112960b3a340fdef4319ce
Instruction Fuzzy Hash: 43C2E370D04259CBDB25DB64C9447EEBBB0AF19308F1441DEE4496B282EBB85F88CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004099A0 Relevance: 35.3, APIs: 10, Strings: 10, Instructions: 280libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(5C4B5A43), ref: 00409A30
GetProcAddress.KERNEL32(00000000,?), ref: 00409A40
GetModuleHandleA.KERNEL32(5C4B5A43), ref: 00409AA6
GetProcAddress.KERNEL32(00000000,cZ~ET@J{W\R[M), ref: 00409AAD
CloseHandle.KERNEL32(00000000), ref: 00409B68
CreateThread.KERNEL32(00000000,00000000,Function_00009830,?,00000000,00000000), ref: 00409C1A
CloseHandle.KERNEL32(00000000), ref: 00409CAA
CloseHandle.KERNEL32(00000000), ref: 00409CD1
CloseHandle.KERNEL32(00000000), ref: 00409D35

Strings

CZK\, xrefs: 00409A79
Y, xrefs: 00409A09
cZ~ET@J{W\R[M, xrefs: 00409AA8, 00409AAB
I, xrefs: 004099DB
%, xrefs: 00409BC8
CZK\, xrefs: 004099FB
File, xrefs: 00409B9C
Wzq, xrefs: 00409C26
ULZ!, xrefs: 00409BC1
Y, xrefs: 00409A87

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Handle$Close$AddressModuleProc$CreateThread
String ID: %$CZK\$CZK\$File$I$ULZ!$Wzq$Y$Y$cZ~ET@J{W\R[M
API String ID: 829322933-433291615
Opcode ID: 8472a6a84ebc57d00c3e443b655dfaa99737edf93f08717251099f8fac4f4470
Instruction ID: 9da6c4cc8b5f042ad92e78e41982ec9ebddbe4d340cfee746ad660784dce5b6e
Opcode Fuzzy Hash: 8472a6a84ebc57d00c3e443b655dfaa99737edf93f08717251099f8fac4f4470
Instruction Fuzzy Hash: F9B1AA71D40248EBDF10CFA4DC49BEEBBB4BF09300F14406AE505BB292E778A945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004176B0 Relevance: 31.2, APIs: 5, Strings: 12, Instructions: 1401fileregistryCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,00000000), ref: 00417A9B
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00417B24
CopyFileA.KERNEL32(?,?,00000000), ref: 00417F3D

Part of subcall function 004160B0: GetModuleHandleA.KERNEL32(5E5D4B66,?), ref: 00416186
Part of subcall function 004160B0: GetProcAddress.KERNEL32(00000000,n\JQEWcFZURKJ{), ref: 00416191

__Xtime_get_ticks.LIBCPMT ref: 00418832
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00418840

Strings

7, xrefs: 00417AE5
\, xrefs: 00417DA2
g, xrefs: 004183B4
#!:;, xrefs: 00417AD1
%m, xrefs: 00417B62
\, xrefs: 004178E6
/, xrefs: 0041890C
202, xrefs: 004176F3, 00417735, 00417774, 00418783
\, xrefs: 00417C62
vmj, xrefs: 00417B59
jznfx, xrefs: 0041773A
aalq}scdqwcy, xrefs: 004177FE, 00417805

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CopyFile$AddressHandleModuleOpenProcUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
String ID: #!:;$%m$/$202$7$\$\$\$aalq}scdqwcy$g$jznfx$vmj
API String ID: 1157274205-41445954
Opcode ID: ae66b4f4157e6f4712aa05564cbaffdca4279f80a310e2a1734367c6680b251c
Instruction ID: 630c56acb66fd6a82eb681330dd5f3133ce2753e5105876d6c352612f12de1ed
Opcode Fuzzy Hash: ae66b4f4157e6f4712aa05564cbaffdca4279f80a310e2a1734367c6680b251c
Instruction Fuzzy Hash: 6DD2F370C04258CBDF15CF64C9997EEBBB1AF15308F14829ED0497B292EB785AC8CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00416490 Relevance: 30.9, APIs: 3, Strings: 14, Instructions: 1192fileregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040B1A0: GetLastError.KERNEL32(?,0045E8D7,00000000,00000000,?,00000000), ref: 0040B207

CopyFileA.KERNEL32(?,?,00000000), ref: 00416821
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 0041689E
CopyFileA.KERNEL32(?,?,00000000), ref: 00416C88

Strings

7, xrefs: 00416868
/, xrefs: 004174F5
\, xrefs: 00416AF2
#!:;, xrefs: 00416857
\, xrefs: 004169B0
\, xrefs: 004166B6
%m, xrefs: 004168DC
202, xrefs: 004164DE, 0041652E, 00416574
b^JBaKHQ, xrefs: 00416533
g, xrefs: 004171C4
B^J^, xrefs: 00417545, 0041754C
j?Z, xrefs: 0041754F
vmj, xrefs: 004168D3
qwcy, xrefs: 004165B1

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CopyFile$ErrorLastOpen
String ID: #!:;$%m$/$202$7$B^J^$\$\$\$b^JBaKHQ$g$j?Z$qwcy$vmj
API String ID: 1206503995-271793834
Opcode ID: 3d92f4bb1efb1d58a5250e4c1021fba12010f4b7f14eee6856f5c713331d3765
Instruction ID: 4255fdaa2bab791dea0b3645542051e56b5ef5c059f4ccc47c6dcbef41b97356
Opcode Fuzzy Hash: 3d92f4bb1efb1d58a5250e4c1021fba12010f4b7f14eee6856f5c713331d3765
Instruction Fuzzy Hash: E1B2E370C04298CBDF15CFA4C9597EDBBB1AF16308F10829ED4497B292D7B85A88CF65

Uniqueness

Uniqueness Score: -1.00%

Function 004378A0 Relevance: 30.8, APIs: 1, Strings: 16, Instructions: 1023COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 004379A8

Strings

\, xrefs: 00437D4B
W[_Q, xrefs: 004379D3
!9%!, xrefs: 00437FD1
cannot use operator[] with a string argument with , xrefs: 004386D8, 0043872D
L[[_W[_X, xrefs: 004385F7, 004385FA
P, xrefs: 004379E1
<::', xrefs: 00437FC7
[OCET, xrefs: 00438424, 0043844C
\, xrefs: 00437B0F
COBU, xrefs: 00438323, 0043832A
q^]_, xrefs: 004379CC
/, xrefs: 00437C36
b, xrefs: 00437FDB
L[[_W[_X, xrefs: 0043793D, 00437944
, xrefs: 004386E9
}O[X, xrefs: 00437B04, 00437B07

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: FolderPath
String ID: $!9%!$/$<::'$COBU$L[[_W[_X$L[[_W[_X$P$W[_Q$[OCET$\$\$b$cannot use operator[] with a string argument with $q^]_$}O[X
API String ID: 1514166925-1758765438
Opcode ID: bc29547f635ef04cca162d416c5fa42c1848f96451d98dfdec1895ad32f55a2b
Instruction ID: 41fd87d48c8ca4e69090cbb880dc653a8072a860b3c7f11ec9dae40d702ca342
Opcode Fuzzy Hash: bc29547f635ef04cca162d416c5fa42c1848f96451d98dfdec1895ad32f55a2b
Instruction Fuzzy Hash: 6FA20570D04258DBDF24DB64C844BDEFBB4AF19308F1441DEE449A7282EB789A89CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00481A30 Relevance: 30.0, APIs: 11, Strings: 6, Instructions: 241libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(7861677A,00000000,Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36,0000006F,00000000,?,?,?,?,?,?,00000000,005136EC,000000FF), ref: 00481B16
GetProcAddress.KERNEL32(00000000,?), ref: 00481B5C
GetProcAddress.KERNEL32(00000000,?), ref: 00481B96
GetProcAddress.KERNEL32(00000000,zGAxEFCw), ref: 00481BCE
GetProcAddress.KERNEL32(00000000,?), ref: 00481C06
GetProcAddress.KERNEL32(00000000,?), ref: 00481C48
GetProcAddress.KERNEL32(00000000,?), ref: 00481C79
GetProcAddress.KERNEL32(00000000,?), ref: 00481CB6
GetProcAddress.KERNEL32(00000000,?), ref: 00481CE6
GetProcAddress.KERNEL32(00000000,?), ref: 00481D17
GetProcAddress.KERNEL32(00000000,?), ref: 00481D48

Strings

zGAxEFCw, xrefs: 00481BC5, 00481BCC
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, xrefs: 00481ACE
zgax, xrefs: 00481AE5
, xrefs: 00481C28
zGAx, xrefs: 00481B1E
ZXY], xrefs: 00481B2E

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: $Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36$ZXY]$zGAx$zGAxEFCw$zgax
API String ID: 667068680-3788473628
Opcode ID: bb62a17d303293bca5bce2e379daeca9358aeb99a41a5de4b636aad00d318111
Instruction ID: 3893852c46e1b9e2fe09e0da7d5706bf1dfb080c4d8abac11284872718ed0e23
Opcode Fuzzy Hash: bb62a17d303293bca5bce2e379daeca9358aeb99a41a5de4b636aad00d318111
Instruction Fuzzy Hash: 25B1C670C18388CEDB15CFA8D9447EEBBF4EF2E308F14025EE445A6552E774628ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 00414ED0 Relevance: 23.8, APIs: 5, Strings: 8, Instructions: 1084registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 0041500D
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00415164
RegOpenKeyExA.ADVAPI32(?,?,00000000,00020006,?), ref: 004152A2
RegOpenKeyExA.ADVAPI32(?,?,00000000,00020006,?), ref: 004154B6
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00415606

Strings

1+,, xrefs: 00414F9B
HVJ, xrefs: 00415229, 0041522E
,)), xrefs: 00415A6F
i_T), xrefs: 00415384
"9<p, xrefs: 00415247
RJV&, xrefs: 00415A61
(!"0, xrefs: 00415A68
;22*, xrefs: 00415260

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Create$Open
String ID: "9<p$(!"0$,))$1+,$;22*$HVJ$RJV&$i_T)
API String ID: 2373840890-3362436799
Opcode ID: 8e3a6242f57ee593a6a5ee45c1d75649edc5c6cde69b5f63b02d891b720b493b
Instruction ID: a49b9f4d71f190c90e96616819f092b4e5298144083c9d34a71ab899d1ccd092
Opcode Fuzzy Hash: 8e3a6242f57ee593a6a5ee45c1d75649edc5c6cde69b5f63b02d891b720b493b
Instruction Fuzzy Hash: 51A2AA30A14659CFDB18CF58C890BFEB7B1FF89708F19418AD8456F262D774A986CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00482FE0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 169libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,d@[UC\V@zFRVx), ref: 0048302C
GetProcAddress.KERNEL32(00000000,?), ref: 0048305D
GetProcAddress.KERNEL32(00000000,?), ref: 0048308D
GetProcAddress.KERNEL32(00000000,?), ref: 004830BD
GetProcAddress.KERNEL32(00000000,?), ref: 004830ED
GetProcAddress.KERNEL32(00000000,eZ[@d@[U), ref: 00483128
GetProcAddress.KERNEL32(00000000,?), ref: 00483166
GetProcAddress.KERNEL32(00000000,?), ref: 00483196
GetProcAddress.KERNEL32(00000000,?), ref: 004831C6
GetProcAddress.KERNEL32(00000000,?), ref: 004831FB

Strings

eZ[@d@[U, xrefs: 0048311F, 00483126
d@[UC\V@zFRVx, xrefs: 00483023, 00483026

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressProc
String ID: d@[UC\V@zFRVx$eZ[@d@[U
API String ID: 190572456-3816776021
Opcode ID: 0086bd72a9730490b639fda46c759591d33e9bc308ddd07fa1b220761d75b958
Instruction ID: 1dab872f668686fb4dd0c15dcd35f48264e5027c6666df552fdc21609d4c6373
Opcode Fuzzy Hash: 0086bd72a9730490b639fda46c759591d33e9bc308ddd07fa1b220761d75b958
Instruction Fuzzy Hash: 5D71FB7081428C99EB05CFA8D8057FEBBF8EF2A708F5541AFC841A6122E774538ED759

Uniqueness

Uniqueness Score: -1.00%

Function 00433C30 Relevance: 21.0, Strings: 16, Instructions: 1038COMMON

Download Yara Rule

Strings

Tm]U, xrefs: 00434984
ob`rn, xrefs: 00434416
;, xrefs: 00433C9D
c{c|, xrefs: 004342DD
cannot use operator[] with a string argument with , xrefs: 00434647, 0043469E, 004346F0
YOM\, xrefs: 0043497B
YOM\TA, xrefs: 004348FE, 00434905
ilco, xrefs: 004341E9
oJC, xrefs: 004345FC, 00433C8C, 00433C82
YOM\Tm]UXSD, xrefs: 004349A3
d`{o, xrefs: 00434005, 0043401C, 0043401E
~z}o, xrefs: 00433E05, 00433E1C, 00433E1E
d`{o, xrefs: 0043407F
~kcu, xrefs: 00433CA8
!, xrefs: 00434658
(, xrefs: 00434529

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: !$($;$Tm]U$YOM\$YOM\TA$YOM\Tm]UXSD$cannot use operator[] with a string argument with $c{c|$d`{o$d`{o$ilco$oJC$ob`rn$~kcu$~z}o
API String ID: 0-2898894955
Opcode ID: 11c4db9550463ac5663e9c886e9e06fc1022728e9a9ff2da98c44b54662a7e0a
Instruction ID: 91fc67774eded10e6928173acc8101cd3624dc01f6648b44eecfe6afae96ccd1
Opcode Fuzzy Hash: 11c4db9550463ac5663e9c886e9e06fc1022728e9a9ff2da98c44b54662a7e0a
Instruction Fuzzy Hash: 3CA2A070D04298DEDF11DFA8C9457DEBBB0AF19308F14419EE449B7282EB785B48CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0043C800 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(5C5A4F5B), ref: 0043C845
GetProcAddress.KERNEL32(00000000,?), ref: 0043C890
GetProcAddress.KERNEL32(?), ref: 0043C8CC
GetProcAddress.KERNEL32({OZ\EQ_]), ref: 0043C90B
GetProcAddress.KERNEL32({OZ\E}CQ[`VMUN), ref: 0043C94B
GetProcAddress.KERNEL32(?), ref: 0043C97E
GetProcAddress.KERNEL32({OZ\EuV@|BRU), ref: 0043C9BD
GetProcAddress.KERNEL32({OZ\EuV@|BRU), ref: 0043C9FC

Strings

{OZ\EuV@|BRU, xrefs: 0043C83D
{OZ\EuV@|BRU, xrefs: 0043C9AF, 0043C9B6
{OZ\E}CQ[`VMUN, xrefs: 0043C93D, 0043C944

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: {OZ\EuV@|BRU${OZ\EuV@|BRU${OZ\E}CQ[`VMUN
API String ID: 2238633743-369936291
Opcode ID: 57e11632002efb5bfcd70931f00c3ffead460f03966d0e2b2ad5e99ca36cd384
Instruction ID: 94c1818f0eacbf0da282ae7aede4cbc376fdf514301296aa0a496161b7dd9876
Opcode Fuzzy Hash: 57e11632002efb5bfcd70931f00c3ffead460f03966d0e2b2ad5e99ca36cd384
Instruction Fuzzy Hash: B671F47081424CDEDB05CFA8E9487DEBBF8EF1E308F1050AED449AA221D775425ADF69

Uniqueness

Uniqueness Score: -1.00%

Function 00418EE0 Relevance: 18.1, Strings: 13, Instructions: 1835COMMON

Download Yara Rule

Strings

IABQX\, xrefs: 00419CA4, 00419CAB
@O][nV\YT_YK, xrefs: 00419201, 0041920E
4, xrefs: 0041A8B0
., xrefs: 00419794
@O][nQ\A[BEQ\I, xrefs: 004192F1, 004192FE
RL[3, xrefs: 00419136
type must be boolean, but is , xrefs: 0041AA17, 0041AA48, 0041AAFE
,, xrefs: 0041932C
,, xrefs: 00419231
IABQX\, xrefs: 00419C72, 00419C79
IABQX\, xrefs: 00419764, 0041976B
IABQX\, xrefs: 00419732, 00419739
., xrefs: 00419CD4

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: ,$,$.$.$4$@O][nQ\A[BEQ\I$@O][nV\YT_YK$IABQX\$IABQX\$IABQX\$IABQX\$RL[3$type must be boolean, but is
API String ID: 0-95768595
Opcode ID: e0159de65ce621a8f3ceefa96c602c4e0ad6bea52f6f4f01e9b8f10c3d4fe407
Instruction ID: 43bfaf779e3b2cc4ddd30e7adc8d8f648887728464d7ae48a46b0308f03f7257
Opcode Fuzzy Hash: e0159de65ce621a8f3ceefa96c602c4e0ad6bea52f6f4f01e9b8f10c3d4fe407
Instruction Fuzzy Hash: F503BE709042988FDB25DF68C958BEEBBB0AF06304F0441CED44967292DB799EC9CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00409D90 Relevance: 16.8, APIs: 3, Strings: 6, Instructions: 1016COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32(00000000,00000128), ref: 00409EB7
Process32Next.KERNEL32(00000000,00000128), ref: 00409FC2
CloseHandle.KERNEL32(00000000), ref: 00409FDA

Strings

^XLX^AG, xrefs: 00409F6E
A]NC, xrefs: 00409F0D
/, xrefs: 0040A0DB
\, xrefs: 0040A879
B, xrefs: 00409F16
\, xrefs: 0040A126

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: NextProcess32$CloseHandle
String ID: /$A]NC$B$\$\$^XLX^AG
API String ID: 492451606-3594873477
Opcode ID: 0ef8d61e5b239cdc23e852acd1c4e6fd1e787e80fa67a9383a6cc773521cc713
Instruction ID: d1663f8040b92fda021aeacc8b9b868858c4b32fa7603092826bc5f96f2903e5
Opcode Fuzzy Hash: 0ef8d61e5b239cdc23e852acd1c4e6fd1e787e80fa67a9383a6cc773521cc713
Instruction Fuzzy Hash: 1C920471C002589BCF15CFA4C8587EEBB71AF52304F1482AED4597B2C2D7785E8ACB96

Uniqueness

Uniqueness Score: -1.00%

Function 0041F9B0 Relevance: 16.4, APIs: 2, Strings: 7, Instructions: 613COMMON

Download Yara Rule

Strings

AAHY_A, xrefs: 0041FE2E, 0041FE35
iKIQD^G, xrefs: 00422A0F, 00422A42
\, xrefs: 00422C0E
cannot use operator[] with a string argument with , xrefs: 004222CA, 0042231F, 004235A0, 00423604
), xrefs: 00423615
\, xrefs: 00420369
L[[_W[_X, xrefs: 004223FE, 00422405

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: )$AAHY_A$L[[_W[_X$\$\$cannot use operator[] with a string argument with $iKIQD^G
API String ID: 0-153746058
Opcode ID: 13d646b2d21941cb3a08d6c909762427d6238a9f64e80a6abafe874a5049b6a8
Instruction ID: 1bfbec9078668ea3c0a334e17ab48c6f7d642fdc981804d175af360472493c4b
Opcode Fuzzy Hash: 13d646b2d21941cb3a08d6c909762427d6238a9f64e80a6abafe874a5049b6a8
Instruction Fuzzy Hash: 7342DE70D04298DFDB14DFA4C954BDEBBB4AF15308F14819EE44867282EBB91B88CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00409690 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 117memorylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(5C4B5A43,0000000F,0000006C,74DE9350), ref: 00409708
GetProcAddress.KERNEL32(00000000,?), ref: 00409713
GetProcessHeap.KERNEL32 ref: 00409720
RtlAllocateHeap.NTDLL(00000000,00000000,00010000), ref: 00409736
RtlAllocateHeap.NTDLL(?,00000000,00010000), ref: 0040976C

Strings

CZK\, xrefs: 004096D3
RLR!, xrefs: 004096A6
Y, xrefs: 004096E1
5+,*, xrefs: 004096AD

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Heap$Allocate$AddressHandleModuleProcProcess
String ID: 5+,*$CZK\$RLR!$Y
API String ID: 3330366720-2818416494
Opcode ID: 209e0e501c6cfb79db8210340cb1a8afbd8a21270cbd46b646705857a23028df
Instruction ID: 938fd95c7b3b8acfe8cd903948549636bcf14eb461cc4fc0ca9bedaf8ae1575b
Opcode Fuzzy Hash: 209e0e501c6cfb79db8210340cb1a8afbd8a21270cbd46b646705857a23028df
Instruction Fuzzy Hash: 9A411871A04204EBDB10DFE9DC88BDEBBB8EF99314F10416AE908B7291D6745D05C794

Uniqueness

Uniqueness Score: -1.00%

Function 0040C490 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 416registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,?,00000000,-00020019,00000000,5E444078,5E444079,00000000), ref: 0040C571
RegQueryValueExA.ADVAPI32(00000000,584C4F60,00000000,00020019,?,00000400), ref: 0040C5D1

Strings

___, xrefs: 0040C6FE, 0040C726
_, xrefs: 0040C6E6
_, xrefs: 0040C6D1
`OLX, xrefs: 0040C58F
x@D^, xrefs: 0040C606
%m, xrefs: 0040C600

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: OpenQueryValue
String ID: %m$_$_$___$`OLX$x@D^
API String ID: 4153817207-67915135
Opcode ID: b433e44817f3db7491a6308e4ec66e33da63a5c1c3462d1a345fa343fad4348c
Instruction ID: 67d4b498b55e6c0e682a8f4407c82a25fd609f44ab3716a81f66e0bad65807cf
Opcode Fuzzy Hash: b433e44817f3db7491a6308e4ec66e33da63a5c1c3462d1a345fa343fad4348c
Instruction Fuzzy Hash: 3002E470C00258DEDB15CFA4C854BEEBBB4AF15308F1442AEE44577292EBB55B88CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF70 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 69libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(5C4B5A63), ref: 0040AFE5
GetProcAddress.KERNEL32(00000000,77435A7F), ref: 0040AFF0
GetVersionExA.KERNEL32(?), ref: 0040B00C

Strings

TFeQ, xrefs: 0040AF82
W, xrefs: 0040AF90
GE^W, xrefs: 0040AF89
cZK\, xrefs: 0040AFB3
Y, xrefs: 0040AFC1

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressHandleModuleProcVersion
String ID: GE^W$TFeQ$W$Y$cZK\
API String ID: 3310240892-1086790256
Opcode ID: 60427991cdceb2cad0dab6f978ed1a9f5ac345ed0f7b3bf2d0f0375cd31552c8
Instruction ID: 793f3c61ea309520a99c44be6daaaf3dafc34960a8dcea50f3aff9b5c9ba25aa
Opcode Fuzzy Hash: 60427991cdceb2cad0dab6f978ed1a9f5ac345ed0f7b3bf2d0f0375cd31552c8
Instruction Fuzzy Hash: 3621A1708042489ACF14CFA0D4487EFBBB9EF15308F5484EED429A7251E7398749DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0043FB60 Relevance: 12.5, APIs: 1, Strings: 7, Instructions: 476COMMON

Download Yara Rule

Strings

invalid stoi argument, xrefs: 00440823
2=>9, xrefs: 0043F969
stoi argument out of range, xrefs: 00440819
C"Y, xrefs: 0043FE2D
%m, xrefs: 0043F9D0
483, xrefs: 0043F970
Z, xrefs: 004404B9

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: %m$2=>9$483$C"Y$Z$invalid stoi argument$stoi argument out of range
API String ID: 0-3227995742
Opcode ID: b4326494335a116ebb9211ac239ef7d6517ae0f416ff8418c1ff863d923d1982
Instruction ID: ebe61c385046361fb66ea7e418388a7c5d3c92b2cc792cbb5935870e776f4df6
Opcode Fuzzy Hash: b4326494335a116ebb9211ac239ef7d6517ae0f416ff8418c1ff863d923d1982
Instruction Fuzzy Hash: 73020030D002489FDB14DFA8C945BEEBBB4EF19304F14825AE405B7391DB786A84CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004160B0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 162libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(5E5D4B66,?), ref: 00416186
GetProcAddress.KERNEL32(00000000,n\JQEWcFZURKJ{), ref: 00416191

Strings

fK]^, xrefs: 00416153
D, xrefs: 004160EB
T^, xrefs: 0041615A
n\JQEWcFZURKJ{, xrefs: 0041618C, 0041618F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: D$T^$fK]^$n\JQEWcFZURKJ{
API String ID: 1646373207-3351344703
Opcode ID: 810c74ece9fcdcd3a2d5db9bc9fa249a79b9d5869c2c160b164463ae42b58f88
Instruction ID: 20759d2e347ee5a7150c5463c74874a3c96fe23736c4684719235aa2918e41d7
Opcode Fuzzy Hash: 810c74ece9fcdcd3a2d5db9bc9fa249a79b9d5869c2c160b164463ae42b58f88
Instruction Fuzzy Hash: C151F170D00218AFDB14CFA8CC85BEDBBB5FF48704F14819EE505AB292D778A945CB88

Uniqueness

Uniqueness Score: -1.00%

Function 004FD9FE Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1473COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 004FDC15

Strings

1#INF, xrefs: 004FDB34
1#IND, xrefs: 004FDB03
1#QNAN, xrefs: 004FDB11
1#SNAN, xrefs: 004FDB0A

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 0e2ed5b49a71db7edb4c9918cde58c2003b83436bbd4a7442f64b090fa33a0be
Instruction ID: b1d1e8faf0edb955e9bfb160be0bf5241ea47a9e7af8b379730f0368d314a84a
Opcode Fuzzy Hash: 0e2ed5b49a71db7edb4c9918cde58c2003b83436bbd4a7442f64b090fa33a0be
Instruction Fuzzy Hash: BAD24871E0822D8FDB65CE29CD40BEAB7B5EB44305F1441EAE50DE7250EB78AE818F45

Uniqueness

Uniqueness Score: -1.00%

Function 00406430 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 352COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004065C1
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004065FE
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004066F1
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040673E

Strings

., xrefs: 00406710

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_fs_directory_iterator_advance@8
String ID: .
API String ID: 2610647541-248832578
Opcode ID: ffb91df58715b704f8c2bd4bb9fb19ca84eaa80d94c267469a8e2fde6810019f
Instruction ID: 0ef23cfc4c65f78b20a5b115fbe71865ac88f3790106b09d81af8426c26c804f
Opcode Fuzzy Hash: ffb91df58715b704f8c2bd4bb9fb19ca84eaa80d94c267469a8e2fde6810019f
Instruction Fuzzy Hash: 5AD1D071900616DFCB20CF58C8947AEB7B4FF48328F15466AD816A77C0D73AAD65CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00487270 Relevance: 8.2, Strings: 6, Instructions: 742COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 004874CA
incorrect header check, xrefs: 004874D9
header crc mismatch, xrefs: 004879EB
unknown header flags set, xrefs: 0048753C
@?, xrefs: 004872FF
unknown compression method, xrefs: 0048743A, 00487525

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: @?$header crc mismatch$incorrect header check$invalid window size$unknown compression method$unknown header flags set
API String ID: 0-1842369662
Opcode ID: b678f276f688c6c5ecaeeebfcff00c9b93fe6b89deea715d86e2ad92fead112b
Instruction ID: 9aa5189a3e15f61f0d08ca17edc3678919425a9e5914fa6c7dfe686ea270ed07
Opcode Fuzzy Hash: b678f276f688c6c5ecaeeebfcff00c9b93fe6b89deea715d86e2ad92fead112b
Instruction Fuzzy Hash: DE62B0B0E042059FDB04EF59C5946AEBBF1BF48308F2489AED814AB342D739D946CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004E5B90 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3447c5f442cb295b333a382c0f0d2b2ed420420d43ef82b276c25580f959e04c
Instruction ID: 4d02195838d8b57434371ca8277230295ea2bc01f4ea471091d60e525c46aaf1
Opcode Fuzzy Hash: 3447c5f442cb295b333a382c0f0d2b2ed420420d43ef82b276c25580f959e04c
Instruction Fuzzy Hash: EC027D71E016199BDF14CFA9C980AAEFBF1FF48319F24826AD515E7340D735AA01CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF10 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 219COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 0041F1F5
std::_Throw_Cpp_error.LIBCPMT ref: 0041F206

Strings

|, xrefs: 0041F04D

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cpp_errorThrow_std::_
String ID: |
API String ID: 2134207285-2343686810
Opcode ID: 8764ededd6e8c04081a070d67d3818b00583d75f3c7104d8c99c947292cd3a4f
Instruction ID: aed8c3a8c6c54ed55328ba38879d3b5308bd757aedd797b683f3cf06478ea5c2
Opcode Fuzzy Hash: 8764ededd6e8c04081a070d67d3818b00583d75f3c7104d8c99c947292cd3a4f
Instruction Fuzzy Hash: 20812074900284DFDB04DF58C845BEEBBB0FF66308F18825EE4042B3A2D7799A49CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0041F3EB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000000,000000FF), ref: 0041F3E5
LocalFree.KERNEL32(?), ref: 0041F414

Strings

jjjj, xrefs: 0041F3D9

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID: jjjj
API String ID: 1561624719-48926182
Opcode ID: e10df9da49bb0413d11a07df3ddbefa25ef834802d6ee390e87b55c9e02fd2bc
Instruction ID: 409469ce869bb278a755ece448acb5b2db033f64c44fe4e4698fcece5c69adc3
Opcode Fuzzy Hash: e10df9da49bb0413d11a07df3ddbefa25ef834802d6ee390e87b55c9e02fd2bc
Instruction Fuzzy Hash: DDF0A7B2C4011896DF109BA49C01BEFB765FB54721F004037DC59A3340EB3948898ADA

Uniqueness

Uniqueness Score: -1.00%

Function 00418BB0 Relevance: 5.2, Strings: 4, Instructions: 236COMMON

Download Yara Rule

Strings

%s|%s, xrefs: 00418DF9
:, xrefs: 00418CF0
202, xrefs: 00418DDD, 00418DED
Wzq, xrefs: 00418E5C

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: %s|%s$202$:$Wzq
API String ID: 0-35574652
Opcode ID: 526ca36adc23d20fbc47e8591cfd6d38027bc73dd417565fb6e37ca3cda94e12
Instruction ID: c8cd6250b5a3c44666772edf31e91a06c30c18bbd514b0cc127b75be8591c2be
Opcode Fuzzy Hash: 526ca36adc23d20fbc47e8591cfd6d38027bc73dd417565fb6e37ca3cda94e12
Instruction Fuzzy Hash: 5CA19971D00208EFDB14CFA4CC59BEEBBB4EF58304F108259E555AB291D7B46A84DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00471830 Relevance: 5.0, APIs: 3, Instructions: 526COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00471A43
Concurrency::cancel_current_task.LIBCPMT ref: 00471C0C
Concurrency::cancel_current_task.LIBCPMT ref: 00471DE1

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 9bbf2cb321a0813247f1614422da120a67706ceef6a39475d541855d2bd593c6
Instruction ID: 7ae3ae414bc99b3d9395d1cea142dbf7b5ae2c2229adef2a38bbc99e93c1dae5
Opcode Fuzzy Hash: 9bbf2cb321a0813247f1614422da120a67706ceef6a39475d541855d2bd593c6
Instruction Fuzzy Hash: 3F02A375E001199FDB08DFADCC91AEDB7B5EB58310F14822AE809E73A1E774AD05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00A1B3F8 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

b, xrefs: 00A1B497
*n.?, xrefs: 00A1B409
B, xrefs: 00A1B44D

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: *n.?$B$b
API String ID: 0-3335544139
Opcode ID: bb1788e0f78a57979229475be2614135992b3dbb9991b6ba2faca86694ececd7
Instruction ID: fc54d69eae17589f9f5c47adde38f2c9e80cc6027e5b95025fd975e160ded9b0
Opcode Fuzzy Hash: bb1788e0f78a57979229475be2614135992b3dbb9991b6ba2faca86694ececd7
Instruction Fuzzy Hash: F46154311087028BC725EF2CE8509ABB7E1EFD6310F6049BCD4998B591EB365529CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00AE657A Relevance: 3.8, Strings: 3, Instructions: 97COMMON

Download Yara Rule

Strings

K1-, xrefs: 00A1D06F
k, xrefs: 00A1D074
K, xrefs: 00A1D08D

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: K1-$K$k
API String ID: 0-910940088
Opcode ID: f7a888cf1ef128ab26a8eb811ee26816a0abbe053a79a2dcb5fd9f03a0344eee
Instruction ID: a2bcb56892d75af4cdfd6e550b7d676ff50c40151789c316ad54f9b4efc9db2d
Opcode Fuzzy Hash: f7a888cf1ef128ab26a8eb811ee26816a0abbe053a79a2dcb5fd9f03a0344eee
Instruction Fuzzy Hash: 1331C9329146078FD70CEA18D4814EAB3E6EBE9315F65C63DD447D79C5DB748016CB41

Uniqueness

Uniqueness Score: -1.00%

Function 004149F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(FK]^T^), ref: 00414A56

Strings

FK]^T^, xrefs: 00414A4E, 00414A55

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: HandleModule
String ID: FK]^T^
API String ID: 4139908857-1252069868
Opcode ID: 4ddea7dec575290fa508b0dd871ea16d5e74cfbeedba0d192bcc717c4356015b
Instruction ID: c9be67c22f8dae48e8180622e96a15cc3166b113485f7b2a6776393f3796ffc8
Opcode Fuzzy Hash: 4ddea7dec575290fa508b0dd871ea16d5e74cfbeedba0d192bcc717c4356015b
Instruction Fuzzy Hash: 9901C070944208ABDB04CFA9C8847DDFBF8FF18300F40865AE008E7241E375A645C790

Uniqueness

Uniqueness Score: -1.00%

Function 004DC84D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,?,00513989,000000FF,?,004DC2A7,?,?,?,?,00414695,0045DC08), ref: 004DC885

Strings

`*@, xrefs: 004DC87F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Time$FilePreciseSystem
String ID: `*@
API String ID: 1802150274-2921439114
Opcode ID: c374915ace7bd8ed729e16a2c32b17a3e63ed9a4fdb6a60af6bef196b77022fa
Instruction ID: d79948878af719b9923ac0222e51701c8d7e0428775794487f61f6d1539845fc
Opcode Fuzzy Hash: c374915ace7bd8ed729e16a2c32b17a3e63ed9a4fdb6a60af6bef196b77022fa
Instruction Fuzzy Hash: 04F0E536904A58EFC7059F54EC40FD9BBA8FB48B54F10412BF81293790D775A904EB80

Uniqueness

Uniqueness Score: -1.00%

Function 00B5916C Relevance: 2.8, Strings: 2, Instructions: 319COMMON

Download Yara Rule

Strings

#, xrefs: 00A7DBFF
&, xrefs: 00B591BE

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: #$&
API String ID: 0-3870246384
Opcode ID: 445aa19e99be7912daa381d0c55bb2ae125655b1d24fb37e5d36633c805da5f2
Instruction ID: 99446f2b2c396e5df347d107d312bf6d80fbd1829c6553ede11dc9e7d900abf1
Opcode Fuzzy Hash: 445aa19e99be7912daa381d0c55bb2ae125655b1d24fb37e5d36633c805da5f2
Instruction Fuzzy Hash: 1DB185315187138FC71DEF28D8514EAB7E2EBC2320F64CA7DD4968B195E739A01ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 00C164E8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

E, xrefs: 00A49614
', xrefs: 00A49634

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: '$E
API String ID: 0-891149774
Opcode ID: b9205bc1893550459fef7334d7d712644c05ab5b1c8d11f23e5a0384b3df35d0
Instruction ID: 37b7c5e7706794c040a4dd65a7119ce02c9d5f21bc8fc564f2bfe03bbc9be65a
Opcode Fuzzy Hash: b9205bc1893550459fef7334d7d712644c05ab5b1c8d11f23e5a0384b3df35d0
Instruction Fuzzy Hash: 2A817A32108B168BC718EF28D8845BBB3E2FBD4321F508B7DA58AC7985D774951ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 00B121AA Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

62H, xrefs: 00B90288
", xrefs: 00A5FBB7

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: "$62H
API String ID: 0-4041321782
Opcode ID: 7a2f0c2c07945148e275570825d02e8d34fd449ee8eea798fc5ece43e8f53cee
Instruction ID: ded1e848a9b5375c202b3559cbbf3f7ac418f35d96082cc48b51901d70393b74
Opcode Fuzzy Hash: 7a2f0c2c07945148e275570825d02e8d34fd449ee8eea798fc5ece43e8f53cee
Instruction Fuzzy Hash: 8361A972528B558BD3189F3998860FBB3D2EBC5322F61872D94E2431D6CB39511BCAC5

Uniqueness

Uniqueness Score: -1.00%

Function 00A176D0 Relevance: 2.6, Strings: 2, Instructions: 103COMMON

Download Yara Rule

Strings

$, xrefs: 00A165F5
), xrefs: 00A1772D

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: $$)
API String ID: 0-1935625956
Opcode ID: 83c28236ee2bc6d96d867a7fe91b0f54af1a88e2257f0bb16a32bbae3df25934
Instruction ID: 7dbcc7f0a859e20c3c02b1bb3759a283460dceea5e073c06964ee9ca4a841fb6
Opcode Fuzzy Hash: 83c28236ee2bc6d96d867a7fe91b0f54af1a88e2257f0bb16a32bbae3df25934
Instruction Fuzzy Hash: 53314936418B528AC304EB2CE8045EBB3D2EFC5324F16DA2DE1A8C7595D739841ADB42

Uniqueness

Uniqueness Score: -1.00%

Function 00C70AD0 Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

c, xrefs: 00C70BAD
%, xrefs: 00C70BD1

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: %$c
API String ID: 0-3834940509
Opcode ID: 69e73e1cf23bfb80a005c567fcbb540f3b816fa8ec6c60ab92dd4af7d284e662
Instruction ID: 1d5966c05c96930c19ea3c70df772b178a5310ddde2a334ceb40e25800b7bb4c
Opcode Fuzzy Hash: 69e73e1cf23bfb80a005c567fcbb540f3b816fa8ec6c60ab92dd4af7d284e662
Instruction Fuzzy Hash: 25415B326087428BD318EA3CE9509FBB3D6EBD9324F688B7E85A6C34D5D7345119CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00B0C43A Relevance: 2.6, Strings: 2, Instructions: 94COMMON

Download Yara Rule

Strings

a, xrefs: 00B0C46C
d, xrefs: 00B0C485

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: a$d
API String ID: 0-224607458
Opcode ID: 36e794984fdc7ab856b6998338e8b3f7027cf39c5b91ad2ae76518f9c8335031
Instruction ID: 64b3a86b2002c9e1a5d7819318e268d1c8b928cee3c5971d569bd6c69052ee62
Opcode Fuzzy Hash: 36e794984fdc7ab856b6998338e8b3f7027cf39c5b91ad2ae76518f9c8335031
Instruction Fuzzy Hash: 36317A321187018BC30DEF68D9551EEB7E2EBC1320F65CA7C958683655D7359627CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0044EB90 Relevance: 1.9, Strings: 1, Instructions: 609COMMON

Download Yara Rule

Strings

qzGE_VVFW_E\, xrefs: 0044ED94, 0044EDBC

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: qzGE_VVFW_E\
API String ID: 0-794482943
Opcode ID: 40d5d829b807c91c6b8232ca26fe84424e6d81afe60ae5692c9802f1ccd35753
Instruction ID: ce8c3f0e2825bf76f5e22843a3c9cad6c08d7d8b77251eed214296c9a6e819c8
Opcode Fuzzy Hash: 40d5d829b807c91c6b8232ca26fe84424e6d81afe60ae5692c9802f1ccd35753
Instruction Fuzzy Hash: 9F42C170C0428A8AEB09CF64D5157FFBBB1BF16308F14829DD4412B642E7B5578AC7D5

Uniqueness

Uniqueness Score: -1.00%

Function 004944E0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00494566

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: __allrem
String ID:
API String ID: 2933888876-0
Opcode ID: 0bb4c40639f3aeae2e16e313187ffde3fe944c170692a06ed3c109352d2643a3
Instruction ID: 61357535e2baea4338e5c72bea2e4ba572cbea29298d1cd94812fb2a303a754e
Opcode Fuzzy Hash: 0bb4c40639f3aeae2e16e313187ffde3fe944c170692a06ed3c109352d2643a3
Instruction Fuzzy Hash: B7816675A001499FDF08CF9CC880EAEBBB5EF89310F1481A9E945EB346D235DE46CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00B27802 Relevance: 1.6, Strings: 1, Instructions: 397COMMON

Download Yara Rule

Strings

F, xrefs: 00A38884

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 1fb04a950c3d5ab2e569fd8cf4b847699854a9fa8ccf55f2e075745602b1961c
Instruction ID: 61a86209e4c36ccf6cb6c2c118f6b6c85fe2e86fe2d8cc635b271e61c3672b9b
Opcode Fuzzy Hash: 1fb04a950c3d5ab2e569fd8cf4b847699854a9fa8ccf55f2e075745602b1961c
Instruction Fuzzy Hash: 0BE154315087128FC318DE2CD8818AAB7E6EBDA310F648B7E85D6835E5DB39551BCB81

Uniqueness

Uniqueness Score: -1.00%

Function 004E959F Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 004E970F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 17da74752721f904e9360b0e7350fe259cbbdef6354f9cb3f8123e93ce7ac5a5
Instruction ID: 69a0842c0b7ceb1bcc349f868f016d9e532a85d108f8587c5abc56c4a512b3bc
Opcode Fuzzy Hash: 17da74752721f904e9360b0e7350fe259cbbdef6354f9cb3f8123e93ce7ac5a5
Instruction Fuzzy Hash: 35C1DE709106868FCB24DF7AC494A7BBBA1BF06316F18061FD856973E1C338AD45CB19

Uniqueness

Uniqueness Score: -1.00%

Function 004E925D Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 004E93E1

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 1679f4722991f543d5f5577a72d2027cf4664a5361e3ae695b9256c12ac657f7
Instruction ID: b0f2f4a4c71a32763588803a0d4209da0bfab023c608772363e77a77a94ad2d5
Opcode Fuzzy Hash: 1679f4722991f543d5f5577a72d2027cf4664a5361e3ae695b9256c12ac657f7
Instruction Fuzzy Hash: 30B1E17190468A9BCB35CF6BC4956BFB7A1AF08306F140A1FD992973C1C739AD02CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFC0 Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

:, xrefs: 0040C0B2

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 59f1228fc40e116ba2ee2e81f55fd4945a43b858f8b36dd393647c1f063d221f
Instruction ID: 0263b599a9b858757c260e049e439fd1b9de5c5470d233817ef85c102b2389be
Opcode Fuzzy Hash: 59f1228fc40e116ba2ee2e81f55fd4945a43b858f8b36dd393647c1f063d221f
Instruction Fuzzy Hash: B7B1F570D00249DADF08DFA4C8597EEBBB4BF45308F14829EE4417B6C2E7B96649CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00AB7B09 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

U, xrefs: 00C10E5F

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 16c944520680a5aa4e2ca345cb246bc730d91490b765a86f553325a6f6e19e8b
Instruction ID: 3b1637475044567e89665eabf4ad9ef2e6a09b93aeee2d7b2df2e0e42dc3812a
Opcode Fuzzy Hash: 16c944520680a5aa4e2ca345cb246bc730d91490b765a86f553325a6f6e19e8b
Instruction Fuzzy Hash: 4E817735118B428BC718EB38D8914B773E2FFC5320FA48A7D9496C7695D738A91ACF01

Uniqueness

Uniqueness Score: -1.00%

Function 004146B0 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

^lh, xrefs: 00414883

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: ^lh
API String ID: 0-323098473
Opcode ID: 5dd8b31a06c7b370c3f1cbad2985337e5fe817e5759b2c858bdf47291764a09e
Instruction ID: 909c58523b219b580d2f9c87ab472fff26d8498a491ef8a46bfcd0b316064e67
Opcode Fuzzy Hash: 5dd8b31a06c7b370c3f1cbad2985337e5fe817e5759b2c858bdf47291764a09e
Instruction Fuzzy Hash: 2D519DB1E002199FDB04DFA8C954BEEBBB4FF88714F14415EE421BB380D7799A448BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00CB2298 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

:]1}, xrefs: 00CA91C5

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: :]1}
API String ID: 0-845115401
Opcode ID: c32cd0da0c35299c54e7e11a5cdcf66838a49e75e2a2303b0fc1a5bd4ad821e8
Instruction ID: 3a7bd721847585ba9f6e46e2af519a5d885bd109871cc191da58b13dc1e89fed
Opcode Fuzzy Hash: c32cd0da0c35299c54e7e11a5cdcf66838a49e75e2a2303b0fc1a5bd4ad821e8
Instruction Fuzzy Hash: E651EB365083935BC309DB39D8514AABBD2FBE4324F18C63ED5C5875C5EB754806C792

Uniqueness

Uniqueness Score: -1.00%

Function 00483470 Relevance: .8, Instructions: 763COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66eafb21ff0ac23a1e243a383367402beece03311f5ec548545498dddb0c253
Instruction ID: ae5b588d5f83b10946bd036fb265321cad1a9ac81e0d03d5a08f0322d0129893
Opcode Fuzzy Hash: e66eafb21ff0ac23a1e243a383367402beece03311f5ec548545498dddb0c253
Instruction Fuzzy Hash: 773273B3F5161447DF1CCA6ECC922EDB2E36FD821871E813DE80AE3345EA79E9454684

Uniqueness

Uniqueness Score: -1.00%

Function 0048C560 Relevance: .7, Instructions: 663COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e5418837d9dbbbd9eb4a8b834e8a8777fd5de7c14d58e88505cfed8b5f8ddb
Instruction ID: d460b15ecaef89ee619ee12d19a6560aac0686608ff237d971a34b1c2572f41b
Opcode Fuzzy Hash: 07e5418837d9dbbbd9eb4a8b834e8a8777fd5de7c14d58e88505cfed8b5f8ddb
Instruction Fuzzy Hash: 4342B070A006458FDB14EE78C8807AEFBA1FF45310F148A6ED4A5E7781D738E54ACBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0048B4F0 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83be81521c8f6e0d9c256a308f6515b6480823c042109c4a5f9f6a465af66b4
Instruction ID: 3f697c021dfedbec9db322e5051135f0efc05d6c78d01827f971c72bc9ef8319
Opcode Fuzzy Hash: d83be81521c8f6e0d9c256a308f6515b6480823c042109c4a5f9f6a465af66b4
Instruction Fuzzy Hash: 62125270E006099FDB14DFA9C880AAFB7F5EF88354F144A2AE816A3350E735ED15CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0047F360 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c5b533877cf3ec9005cc5efc7db13f0e9db28ca10cccb926657bc7928d88d3
Instruction ID: eb9b5747713da88abdf44c3e0375b5401f884ae6218142cb767fab7eed311cc9
Opcode Fuzzy Hash: f5c5b533877cf3ec9005cc5efc7db13f0e9db28ca10cccb926657bc7928d88d3
Instruction Fuzzy Hash: B5E10476E1022A9FCB05CFA8D5816EDFBF1BF88324F19816AD818B7340D674AD45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00A21DF6 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e739dd4816ca85da2bb534a17023af6d66e4337fc531ad666adaef1f986518
Instruction ID: 762cd788cc452b15be2158a21f7ad6620366bce2cda72182cc05084122b41131
Opcode Fuzzy Hash: 98e739dd4816ca85da2bb534a17023af6d66e4337fc531ad666adaef1f986518
Instruction Fuzzy Hash: 53C1B73610C7168FC318EF28D8814B6B3E2FBD5314F64862DC5A7C7185DB35AA578B82

Uniqueness

Uniqueness Score: -1.00%

Function 0048BFB0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28697499d8a432a2f908430cbfc130233417f930531da95fec5644348f0462ce
Instruction ID: da2615611a874148ad1991d9a49fafabab5238c32b83b79c088c8e17a297465a
Opcode Fuzzy Hash: 28697499d8a432a2f908430cbfc130233417f930531da95fec5644348f0462ce
Instruction Fuzzy Hash: 0BD1A0706007418BE724DF39C48479ABBE0FF55314F148A6ED4EA8B781DB78E489CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004F6CC5 Relevance: .3, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2828e6c5dc1f3b1a4bf7c260e4225ae0da7451d47cfaeffa966b717d3bdbbb89
Instruction ID: 55b397d59c104d01ddbea56fc4f0be1c39b0b7781d0c824c7fcadbc9cf2fcaf7
Opcode Fuzzy Hash: 2828e6c5dc1f3b1a4bf7c260e4225ae0da7451d47cfaeffa966b717d3bdbbb89
Instruction Fuzzy Hash: 8FB17036210608DFD714CF28C486B657BE1FF45364F268659E99ACF3A1C339D992CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0152DEAD Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c9335e4bdfe9b847aa795d67eeb5c672aace16177eca1ad63f91f1480926865
Instruction ID: 3deb3fa83811053eeb0aaefa3e24e9ea96013361e92f427c690c900026bd4555
Opcode Fuzzy Hash: 7c9335e4bdfe9b847aa795d67eeb5c672aace16177eca1ad63f91f1480926865
Instruction Fuzzy Hash: F4817872108B028BC728EE29E8815EBB3A5FBC5315F248B6EC496871D5D735901BCB82

Uniqueness

Uniqueness Score: -1.00%

Function 00402600 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344d14e4d67613495c18bd8e49ba0fa23fddf66637f8813bf79c7fc84378b93a
Instruction ID: fcdd557c749469a6b62637c8bcbecc2d9e063787d8a4f51c8a3b551eb56e006b
Opcode Fuzzy Hash: 344d14e4d67613495c18bd8e49ba0fa23fddf66637f8813bf79c7fc84378b93a
Instruction Fuzzy Hash: 1F812479D042458FDB008F69D6C87FFBBA4EB19304F04017AD814A77C2C3B99909DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A30202 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fc60a456c427c1a42b748ace4da1a1af8ba490668a915410744bf540296693
Instruction ID: 0aceee152a1477c950394d64bef1cc9dd304a57477a3519a12310bab02fb00a1
Opcode Fuzzy Hash: 91fc60a456c427c1a42b748ace4da1a1af8ba490668a915410744bf540296693
Instruction Fuzzy Hash: 2151CE32458B1D8FC718EE68E88A4E5B3D1E7A6311B158B3DC597C71E1EE359107CA81

Uniqueness

Uniqueness Score: -1.00%

Function 00483EF0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc39497f38d03b5ee4b604cc9eb2b0941a7c0e2aa0927811976ce2996120a63
Instruction ID: 6c5a96837b3fa5ffb5e8aa1c2d7fde9f60477786ff5eeb7097e19965a4e36589
Opcode Fuzzy Hash: 0cc39497f38d03b5ee4b604cc9eb2b0941a7c0e2aa0927811976ce2996120a63
Instruction Fuzzy Hash: E66177316201659FD714CF1EECC84663752A7AA3013C5C62AEA85C73D6C539E52AE7B0

Uniqueness

Uniqueness Score: -1.00%

Function 0148069F Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ebd0a9a8b9ec9ec350c191375c623e2e66e781bd50320d913afb1cd1537ebe
Instruction ID: ada78daa01903a5e3cb161627f9f521ed88b93e50d2d5e1e84cad40d72e235a2
Opcode Fuzzy Hash: d9ebd0a9a8b9ec9ec350c191375c623e2e66e781bd50320d913afb1cd1537ebe
Instruction Fuzzy Hash: 085145315187528BC319EF38E4814ABB7E1EBE6314F509B3EE6D2C71A1DA3590068B82

Uniqueness

Uniqueness Score: -1.00%

Function 00401900 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1137b7d955cfb7566858f10079ef61b9c9b7cec079e6c2101fe244bbce49b2d0
Instruction ID: 95d6c93d293b5fe107a7fdb82f07d4ca56c6974ad55a13a9affae056af671ec3
Opcode Fuzzy Hash: 1137b7d955cfb7566858f10079ef61b9c9b7cec079e6c2101fe244bbce49b2d0
Instruction Fuzzy Hash: E4816F60C187C986EB16CFA8D9453E9B7B1BF7A308F14A359D88436172EB7422CAD711

Uniqueness

Uniqueness Score: -1.00%

Function 014D85D6 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f4de2baa2689086c1f7c9f3c6d300f63939811cf0fef28c2fc913e0b8f2bb61
Instruction ID: 8232f292bf9b7ae63904157cc83ecc741a246d928815091004370ff4818ebc8f
Opcode Fuzzy Hash: 7f4de2baa2689086c1f7c9f3c6d300f63939811cf0fef28c2fc913e0b8f2bb61
Instruction Fuzzy Hash: 1451BB31A187928FC719FE39D8400AA73A2FBD6315B25C77ED49A8B4D6E734910BC742

Uniqueness

Uniqueness Score: -1.00%

Function 004E3B58 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a7e029f2f3b1f88d2cfe11b170cc748dba17dd9b913f792cc9312304564770
Instruction ID: 9fbc5ee497912a760a34994a38bee39a27b59ce4a769eeb10f9c6295cb234dbd
Opcode Fuzzy Hash: 40a7e029f2f3b1f88d2cfe11b170cc748dba17dd9b913f792cc9312304564770
Instruction Fuzzy Hash: 50519F72D00259AFDF05CF99C844AEEBBB2FF88305F198499E555AB301D738AA40DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00CDAE7E Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f4dd6f79e77bacac9f8949325b058cab2ccbbf0b84d6fab62b0a6ad234f1e9
Instruction ID: 4fc054c469008c605ae3140588cac8827eaa7fe7fe21dba1bcc6a9f8f388d151
Opcode Fuzzy Hash: 92f4dd6f79e77bacac9f8949325b058cab2ccbbf0b84d6fab62b0a6ad234f1e9
Instruction Fuzzy Hash: F6516A35518B238BC708EB3AD8911AF77E2FFE5311F50863DA586C7199D738C81A9B41

Uniqueness

Uniqueness Score: -1.00%

Function 00402410 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 447946aa71e92e0696735f56a77cc802cab55a388eb979998900a354220eb3b9
Instruction ID: d8fb0bb25378b25b57ab51a6fa1e822dfae3e2e33bf21e60f5bb9728c3bc49bf
Opcode Fuzzy Hash: 447946aa71e92e0696735f56a77cc802cab55a388eb979998900a354220eb3b9
Instruction Fuzzy Hash: CE511475D0419AAFEB118F68C5293EFBFF4EB16304F04016AD8946B3C2C2B88605CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 00A1012C Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f848a556fe0b8dbbee54cd5753e201b16d94a955c499441beacc8308a6f72e09
Instruction ID: 5047db75700c5c581fc35ffdb10aaa2376da0b31b06f00e19f510ec0bd1bcfb4
Opcode Fuzzy Hash: f848a556fe0b8dbbee54cd5753e201b16d94a955c499441beacc8308a6f72e09
Instruction Fuzzy Hash: CD417735518B128BD324EF38D951ABBB3D5FBD2320F60877DD0A6831C5EB39611ADA41

Uniqueness

Uniqueness Score: -1.00%

Function 014C8DB8 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f375995ceeea39a2bf0d3b8e343e5b40a8bd8a56888bd1035ee05faccfc6c5bd
Instruction ID: 8d127384005a0011f7278bb63d27de02896f38427007ab081d4ca3c09dc54037
Opcode Fuzzy Hash: f375995ceeea39a2bf0d3b8e343e5b40a8bd8a56888bd1035ee05faccfc6c5bd
Instruction Fuzzy Hash: 225122752183538BC328EF2CE9445AAB7A4FFD5314F208BBEC09A82995DB355529CF06

Uniqueness

Uniqueness Score: -1.00%

Function 00D287ED Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105e1b49530be2a852a68060cadaa02f8d5e46598bfda18695678b08f6029120
Instruction ID: e063a65e04217f8f7abae7c4ba10b9292b7aa188f540f0e9645f66dc54ce232e
Opcode Fuzzy Hash: 105e1b49530be2a852a68060cadaa02f8d5e46598bfda18695678b08f6029120
Instruction Fuzzy Hash: FA418B725083618FC318DA28D450AEBB7E1BBD2300F6886BDC195CB992EA754656CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00BD126B Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fdd586345be75fec770372e4b28346d6080cab9c3378971b7c4c030859bec82
Instruction ID: 5bbbc0bc62ba6566f3777e92ea67a72ee65965c8d922542ee371746f44cd3d43
Opcode Fuzzy Hash: 5fdd586345be75fec770372e4b28346d6080cab9c3378971b7c4c030859bec82
Instruction Fuzzy Hash: 3131C9B241461B8BDB0CEE38E8850F63392E7D5300B508A2DC9C2C749AEB706217CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00B4DB89 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4419b247cec0d36391b4184b5e35cc3348b41017a65ea02557390385878ce154
Instruction ID: 097f0cc30f7ad4b914229998b2aa7540e74a61e407d9644014bcf1a64cc8153b
Opcode Fuzzy Hash: 4419b247cec0d36391b4184b5e35cc3348b41017a65ea02557390385878ce154
Instruction Fuzzy Hash: 383177350187128BCB09EB7598814F7B3D2EFD6311F50CB2DE1A28B591DB35A12ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 004E03D0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 47b25b5521fc7fdfc8f6386eca4eebd4ee13877fba345ebe15ac11d022ba3828
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 9511E6B73001D243D6148A2FE7B46B7A395EBC532372C437BD3A14B7D4D1AAE9C59908

Uniqueness

Uniqueness Score: -1.00%

Function 00464270 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5244dfa1c779be8f4eeff91437c990cf28ea74c5eb9ffa3f3e1d19db7367a5
Instruction ID: 3f241ac6d3cb82c64a7bf9bfb8ca20c37baf63f8cf887f5ad885db9920b88b76
Opcode Fuzzy Hash: 4f5244dfa1c779be8f4eeff91437c990cf28ea74c5eb9ffa3f3e1d19db7367a5
Instruction Fuzzy Hash: 8ED05B77B015304F4F219A8D94D445AE755EBC526032541E7E918AB30AE3645C0585E5

Uniqueness

Uniqueness Score: -1.00%

Function 004624B0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4555cdd239d7de2d90c7223f1fbd98277d006d000f394a2241269f67188ef75d
Instruction ID: 0ba1d9e0aa1b875d47cbeeff4d0fa086cc60980bba294de355f675867c22af7d
Opcode Fuzzy Hash: 4555cdd239d7de2d90c7223f1fbd98277d006d000f394a2241269f67188ef75d
Instruction Fuzzy Hash: 32D05EB1028A91DAC726C628A184B92BFC45F17308F0A5EDAC0858B156E9A49885C789

Uniqueness

Uniqueness Score: -1.00%

Function 00482A10 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 216networkCOMMON

Download Yara Rule

APIs

InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 00482B39
HttpOpenRequestA.WININET(00000000,eknt,?,00000000,00000000,00000000,80000000,00000000), ref: 00482BB2
GetLastError.KERNEL32(00000000,00000000), ref: 00482BDE
InternetQueryOptionA.WININET(00000000,0000001F,80000000,00000000), ref: 00482C09
InternetSetOptionA.WININET(00000000,0000001F,00000100,00000004), ref: 00482C1F
HttpQueryInfoA.WININET(00000000,20000005,?,00000000,00000000), ref: 00482C3B
InternetCloseHandle.WININET(00000000), ref: 00482C4D

Strings

eknt, xrefs: 00482BA9, 00482BB0

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Internet$Option$HttpQuery$CloseErrorHandleInfoLastOpenRequest
String ID: eknt
API String ID: 3343719359-3307737056
Opcode ID: 59d275e4fabc9ecf95f8ff6572b1c90c28d42980db6b7595f5b5c5b9de6c971a
Instruction ID: d0153fee507666f8f34cb0cae12ae5f91eb4bf6db8f341d16e73bcd5f1d9d3eb
Opcode Fuzzy Hash: 59d275e4fabc9ecf95f8ff6572b1c90c28d42980db6b7595f5b5c5b9de6c971a
Instruction Fuzzy Hash: D5710671A40208ABEB24DFA4CD45BEFB7B8EF48714F20455AF904B72C0D7B4AA44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAC0 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 176COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000001), ref: 0040BB23
GetSystemMetrics.USER32(00000000), ref: 0040BB29

Strings

ANY, xrefs: 0040BB6C
wZ, xrefs: 0040BBE3
ciq, xrefs: 0040BB87
d, xrefs: 0040BAE7
pG@, xrefs: 0040BB8D, 0040BCCC
EoZ, xrefs: 0040BB57
Hh, xrefs: 0040BB0B
image/png, xrefs: 0040BC22

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: MetricsSystem
String ID: ANY$EoZ$ciq$d$image/png$pG@$wZ$Hh
API String ID: 4116985748-3862071795
Opcode ID: fe1e25cde9aa753e0afc242dc1b0ac9ffb4878dcd537967586d912a3cd3746ab
Instruction ID: 3d40818548698ea6477b652944f496919d054242d7a9cef3a0c0ef632a3a0e91
Opcode Fuzzy Hash: fe1e25cde9aa753e0afc242dc1b0ac9ffb4878dcd537967586d912a3cd3746ab
Instruction Fuzzy Hash: 52613771D00219EFEB109FA4DD08BEEBBB8FF58704F104129E915B7290EB755A44DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040B1A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,0045E8D7,00000000,00000000,?,00000000), ref: 0040B207
std::_Throw_Cpp_error.LIBCPMT ref: 0040B24F
std::_Throw_Cpp_error.LIBCPMT ref: 0040B260
CreateDirectoryA.KERNEL32(?,00000000,00000005,?,?,0045E8D7,00000000,00000000,?,00000000), ref: 0040B2B5
std::_Throw_Cpp_error.LIBCPMT ref: 0040B2E4
std::_Throw_Cpp_error.LIBCPMT ref: 0040B2F5

Strings

\*.*, xrefs: 0040B3B0
DT, xrefs: 0040B3B8
DT, xrefs: 0040B238
Wdm, xrefs: 0040B1FC

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CreateDirectoryErrorLast
String ID: Wdm$\*.*$DT$DT
API String ID: 460572287-2863894964
Opcode ID: 2b6f81ab126fc618a188953a6976e14c5f8f7c824b5669131f72a67505756569
Instruction ID: 9d4b5a7eb78b2cfc085a3c1b82074c608cacb53bd392d67936e585c45fe22131
Opcode Fuzzy Hash: 2b6f81ab126fc618a188953a6976e14c5f8f7c824b5669131f72a67505756569
Instruction Fuzzy Hash: F531C871940600EBCB205F69AD0ABAE7758E713738F20476FE425A77D0D7794904CADE

Uniqueness

Uniqueness Score: -1.00%

Function 00469270 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 136COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 004692AD
std::_Lockit::_Lockit.LIBCPMT ref: 004692CF
std::_Lockit::~_Lockit.LIBCPMT ref: 004692F7
__Getctype.LIBCPMT ref: 004693D5
std::_Facet_Register.LIBCPMT ref: 00469409
std::_Lockit::~_Lockit.LIBCPMT ref: 00469433

Strings

`C@, xrefs: 004693CF
0<@, xrefs: 0046939D
`@@, xrefs: 004693AA

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID: 0<@$`@@$`C@
API String ID: 1102183713-2224965426
Opcode ID: 177bc0016c6bdd38d245a6f34e8552809fd84df3c186ad39ccf807dc765b17a2
Instruction ID: 0bd40ff28e132543e5deab4d1ce47127a8eeb5facc303e9fe33eed6a5478eb10
Opcode Fuzzy Hash: 177bc0016c6bdd38d245a6f34e8552809fd84df3c186ad39ccf807dc765b17a2
Instruction Fuzzy Hash: 3A5189B0D00249DBDB10CF58C9457AEBBF8BB15718F14819ED845AB381E7B8AE44CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00414A80 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 211registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 00414B11
RegOpenKeyExA.ADVAPI32(80000002,00020019,00000000,00020019,?), ref: 00414B6D

Strings

{cxqcw, xrefs: 00414C4D, 00414C6A
)kY, xrefs: 00414AAB
0%#, xrefs: 00414B3D
955', xrefs: 00414AD8
%m, xrefs: 00414B7A
^lh, xrefs: 00414A9F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Open
String ID: %m$)kY$0%#$955'$^lh${cxqcw
API String ID: 71445658-1253285
Opcode ID: f7d8d3bd774bd0d7a31bf9407bc0e4b7ffea8039595eb4b5ef6735ddf163186d
Instruction ID: 53c28fb3d9146297e77442c3bc039811f95b6ae47d903d38375607f9d0ffd872
Opcode Fuzzy Hash: f7d8d3bd774bd0d7a31bf9407bc0e4b7ffea8039595eb4b5ef6735ddf163186d
Instruction Fuzzy Hash: EA813770C04248DBDF14CFA4E884BEEBBB8EF09308F14825EE445A7292E774558ACB94

Uniqueness

Uniqueness Score: -1.00%

Function 004E0500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 004E0537
___except_validate_context_record.LIBVCRUNTIME ref: 004E053F
_ValidateLocalCookies.LIBCMT ref: 004E05C8
__IsNonwritableInCurrentImage.LIBCMT ref: 004E05F3
_ValidateLocalCookies.LIBCMT ref: 004E0648

Strings

`*@, xrefs: 004E060C
csm, xrefs: 004E05DD
M, xrefs: 004E05E5, 004E05EE, 004E05FF

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: M$`*@$csm
API String ID: 1170836740-4228401793
Opcode ID: 65d3b3a053f1ae861a729eea474b21ae79ceec2b09c4739a23ff07edecdd9c0e
Instruction ID: ae6f05b9bd62fc10c3191631ccd5ca4d26231538102a6178fda95897d9880e03
Opcode Fuzzy Hash: 65d3b3a053f1ae861a729eea474b21ae79ceec2b09c4739a23ff07edecdd9c0e
Instruction Fuzzy Hash: C641B534A00248ABCF10DF6AC884B9F7BB5BF44319F14815BE8289B392D779E951CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0046B4D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 119COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0046B4FA
std::_Lockit::_Lockit.LIBCPMT ref: 0046B51C
std::_Lockit::~_Lockit.LIBCPMT ref: 0046B544
std::_Facet_Register.LIBCPMT ref: 0046B63A
std::_Lockit::~_Lockit.LIBCPMT ref: 0046B664

Strings

0<@, xrefs: 0046B5E1
`@@, xrefs: 0046B5EE
0A@, xrefs: 0046B602

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID: 0<@$0A@$`@@
API String ID: 459529453-1194995427
Opcode ID: 8ade25123e0ef27ad6703d36d95a26f7bc67794fc66b59cd0163319066937715
Instruction ID: ae497b610999006b09e7b0a80953719159799dd6da27bcce2b924d634ea02806
Opcode Fuzzy Hash: 8ade25123e0ef27ad6703d36d95a26f7bc67794fc66b59cd0163319066937715
Instruction Fuzzy Hash: 5B519AB1900248DFDB11CF58C4547AEBBF0FB11318F24819EE446AB381E778AA85CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 004F4D9F Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004F4E25

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: de241dd55b422ed1e4ea048f00bb23ff873d8577d80bba1863d2e2f735cfcc17
Instruction ID: 589becb99ee3adf27699cb767a9d83f27a62820bf1ca4c3ec6002ba9eb813f73
Opcode Fuzzy Hash: de241dd55b422ed1e4ea048f00bb23ff873d8577d80bba1863d2e2f735cfcc17
Instruction Fuzzy Hash: B1B13932A0075A9FDB118F24CC81BBF7FA5EF95350F144157E704AB382DA789901C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00408130 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 320COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 004085AC
___std_exception_destroy.LIBVCRUNTIME ref: 004085C2

Strings

parse error, xrefs: 00408305
at line , xrefs: 0040818B
, column , xrefs: 004081A2
ror, xrefs: 004082A0

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: at line $, column $parse error$ror
API String ID: 4194217158-697689061
Opcode ID: de1d2d0c26a1d999e058054185ee1c2887837b69cd766780e9372ff6f3521681
Instruction ID: 5eed20493bf9008b1666e4e77f551704a34727cf03c9faf4099439c52a9f14e3
Opcode Fuzzy Hash: de1d2d0c26a1d999e058054185ee1c2887837b69cd766780e9372ff6f3521681
Instruction Fuzzy Hash: FCD1CC71C00248DFEB14DFA8C9557EEBBB1AF51304F20829EE0557B2D2D7B85A84DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040B300 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 297COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 0040B714
std::_Throw_Cpp_error.LIBCPMT ref: 0040B725

Strings

\*.*, xrefs: 0040B3B0
DT, xrefs: 0040B3B8

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cpp_errorThrow_std::_
String ID: \*.*$DT
API String ID: 2134207285-2523999094
Opcode ID: 9a5252b5b299cd4d34748ec0a0b704ee7524062dc07f546f9d15cb01d732fe2b
Instruction ID: ac939954ec097e0f466dd701cbb477dfb9ac36ed8f0a1d488013fd253ef2818d
Opcode Fuzzy Hash: 9a5252b5b299cd4d34748ec0a0b704ee7524062dc07f546f9d15cb01d732fe2b
Instruction Fuzzy Hash: FCC1CF70D00249CFDB10DFA4C8487EEBBB1FF55314F14426AE044BB292E7B45A88DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413F60 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163fileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00413F93
CopyFileA.KERNEL32(?,?,00000000), ref: 004140E2
GetLastError.KERNEL32(?,?,00000000), ref: 004140F0
CopyFileA.KERNEL32(?,?,00000000), ref: 00414104

Strings

+WZ, xrefs: 0041400D
$)Z, xrefs: 004140B4

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: CopyErrorFileLast
String ID: $)Z$+WZ
API String ID: 374144340-2442306420
Opcode ID: 41cc5699e2aef03518a6fa57b6c5defee71ecef8bcc888630594c87e048224a9
Instruction ID: 7187b7d28f028eeccfb5fbc494962c4116a1a611db03d796ef26b58edd931d27
Opcode Fuzzy Hash: 41cc5699e2aef03518a6fa57b6c5defee71ecef8bcc888630594c87e048224a9
Instruction Fuzzy Hash: F451AE72D01209EBCB11DFE4DC45BEEBBB8EB48320F10426AE915B7290E7795A45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004EAC03 Relevance: 9.3, APIs: 6, Instructions: 285COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 004EAD8B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EADA7
__allrem.LIBCMT ref: 004EADBE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EADDC
__allrem.LIBCMT ref: 004EADF3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EAE11

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 71c8420f77c3c6b4205cd649fa68cc37f68444db08f8c9dfdfe450398f673b61
Instruction ID: 1b3fea5176a95fd5fcec1025af7aaf911d8005413d807e00b03de1864a21ce91
Opcode Fuzzy Hash: 71c8420f77c3c6b4205cd649fa68cc37f68444db08f8c9dfdfe450398f673b61
Instruction Fuzzy Hash: E9811672A00B469BD7209B2FCC41B6B73E9AF40366F24462FF511C6381E778ED10879A

Uniqueness

Uniqueness Score: -1.00%

Function 004DB251 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000), ref: 004DB2F3
GetLastError.KERNEL32(?,?,00000000), ref: 004DB315
___std_fs_open_handle@16.LIBCPMT ref: 004DB3DA

Strings

ilZ, xrefs: 004DB2E9

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ErrorLast$___std_fs_open_handle@16
String ID: ilZ
API String ID: 3145611554-4205950460
Opcode ID: 9af5f621a963f62df2d2e795de51cf1d9c71d10ab0dd0f4af5403f9d0b2e41ab
Instruction ID: 341597b08954598ba12624bf7522534a7d0a98471e3e0131fdc1d14ff671b143
Opcode Fuzzy Hash: 9af5f621a963f62df2d2e795de51cf1d9c71d10ab0dd0f4af5403f9d0b2e41ab
Instruction Fuzzy Hash: B7719E75A00619DFCB20CF28CC98BAEB7B8EF05320F15429BE855E3391DB349945CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00409830 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 87libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(5C4B5A43), ref: 00409899
GetProcAddress.KERNEL32(00000000,cZ~ET@J{W\R[M), ref: 004098A4

Strings

cZ~ET@J{W\R[M, xrefs: 0040989F, 004098A2
Y, xrefs: 00409878
CZK\, xrefs: 0040986A

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: CZK\$Y$cZ~ET@J{W\R[M
API String ID: 1646373207-3260959318
Opcode ID: 75d46dceb2c8bcb749b1f08829a4c36a4df14032eb1f2dcff30bd222e64a410d
Instruction ID: 51f2e121d3855e5c01e354877d7a5d5c4f55a0d2398874154e6aca01a9dd3812
Opcode Fuzzy Hash: 75d46dceb2c8bcb749b1f08829a4c36a4df14032eb1f2dcff30bd222e64a410d
Instruction Fuzzy Hash: 7D31D670904248EAEF04CFE4D809BEEBBF8EF19304F10416EE855B6291E7B55748C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 004DB959 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004DB960
std::_Lockit::_Lockit.LIBCPMT ref: 004DB96B
std::_Lockit::~_Lockit.LIBCPMT ref: 004DB9D9

Part of subcall function 004DBABC: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004DBAD4

std::locale::_Setgloballocale.LIBCPMT ref: 004DB986

Strings

`*@, xrefs: 004DB9A8, 004DB9CC

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
String ID: `*@
API String ID: 677527491-2921439114
Opcode ID: 5eac15c6ac97a95a55fc2dbcfc3ac0e595a4599020fa324505bbecd0779535d8
Instruction ID: f7bb45758b3c6a4509c228517b5f4e18519ddcfd94becc9c252c4bc9a545503f
Opcode Fuzzy Hash: 5eac15c6ac97a95a55fc2dbcfc3ac0e595a4599020fa324505bbecd0779535d8
Instruction Fuzzy Hash: 9101DA78A00210DBCB05EF20C8616BD7BA1FB95784B15400FE81117390DF78AE06DBC9

Uniqueness

Uniqueness Score: -1.00%

Function 0040BD50 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b8a09f5f04559ca933ba0613ac10e5a4a797ee14992a3624cedb4688646f90
Instruction ID: 2acd82ef61fc996c39919c1a058dc149b6a118aa5e084746ecee7002caaa8049
Opcode Fuzzy Hash: 67b8a09f5f04559ca933ba0613ac10e5a4a797ee14992a3624cedb4688646f90
Instruction Fuzzy Hash: 245144B0D1075AEBEB108FA5CC08BAEBFB5FF55704F10421AE50476291E3B96994CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 0041D560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 244libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041D79A
GetProcAddress.KERNEL32(00000000,z}ncT\W), ref: 0041D7A5

Strings

Ws2_32.dll, xrefs: 0041D791
z}ncT\W, xrefs: 0041D7A0, 0041D7A3

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Ws2_32.dll$z}ncT\W
API String ID: 1646373207-1546798564
Opcode ID: 76310f00ada0d28920b1a2ae9740ab1f01463102a09400bbe09d4bb60556f7dd
Instruction ID: cf4f115985b0d866db60a6579047b2d5e33a653b7c859c5a23c8aa774a1f017e
Opcode Fuzzy Hash: 76310f00ada0d28920b1a2ae9740ab1f01463102a09400bbe09d4bb60556f7dd
Instruction Fuzzy Hash: 6FA188B0E00614DFCB20DF58C8447AEBBF0AF09714F18855EE869AB381D739AD41CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00414233 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 192fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,00000000), ref: 00414337
std::_Throw_Cpp_error.LIBCPMT ref: 00414482
std::_Throw_Cpp_error.LIBCPMT ref: 00414493

Strings

\, xrefs: 00414253

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CopyFile
String ID: \
API String ID: 4177132511-2967466578
Opcode ID: 2a141478ac774eca9e5127631903e3825e5901687064a959c1b1f9f2c57fc205
Instruction ID: ec448d641316e2a3872437f4d92d0186c9a642a8506e38dff8007fdda78d9240
Opcode Fuzzy Hash: 2a141478ac774eca9e5127631903e3825e5901687064a959c1b1f9f2c57fc205
Instruction Fuzzy Hash: 8681FC70D00288DFDF04DBE4D945BEDBBB4EF15308F20429EE41067292EBB81A48DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00403340 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00403479
___std_exception_destroy.LIBVCRUNTIME ref: 00403550

Strings

5@, xrefs: 004034E1
!@, xrefs: 00403485

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: !@$ 5@
API String ID: 2970364248-86152599
Opcode ID: 97b02f8d12ba9e87b50d4fe1da5d79552fc032ed3dc938f21dc10a78601e467b
Instruction ID: 5d1018f68dba97f4a985ba63fe95473ab682bcf272c311c0e19d1e0ae2661d85
Opcode Fuzzy Hash: 97b02f8d12ba9e87b50d4fe1da5d79552fc032ed3dc938f21dc10a78601e467b
Instruction Fuzzy Hash: ED615AB1C00648EBDB10CF98C94979EFFB5FF14314F14425EE854AB281E7B95A44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404400 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 153COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004045AF

Strings

ios_base::failbit set, xrefs: 00404438
ios_base::badbit set, xrefs: 00404547, 00404572
`6@, xrefs: 004044D1

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `6@$ios_base::badbit set$ios_base::failbit set
API String ID: 323602529-2295426415
Opcode ID: bf268cd6092046f2b444533919ca4b81748acc4d2a2eb2a88f6eb4d520127f42
Instruction ID: 9cfbb8c9a8fd5525452d7ea145f73fa297ae02075c275c4b493e1aad4f56a393
Opcode Fuzzy Hash: bf268cd6092046f2b444533919ca4b81748acc4d2a2eb2a88f6eb4d520127f42
Instruction Fuzzy Hash: 404115B1800204ABCB04DF58DD45BAEBBF8EB44714F14826EF615AB3C1D7796A00CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404510 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004045AF

Strings

ios_base::failbit set, xrefs: 00404438, 00404551
ios_base::eofbit set, xrefs: 00404556
ios_base::badbit set, xrefs: 00404547, 00404572

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 323602529-1866435925
Opcode ID: 209a68474564fde948deb229df55407119191c176a812a82e0bb84d4bf30aecd
Instruction ID: 54407c60c13b836648e01406732d6bf17c31bb0330cecacea719811d47c5aa4b
Opcode Fuzzy Hash: 209a68474564fde948deb229df55407119191c176a812a82e0bb84d4bf30aecd
Instruction Fuzzy Hash: 8411E3F2804644BBC710EE599C02BA677D8A744714F144A6EFF559B2C2EA39A900C79A

Uniqueness

Uniqueness Score: -1.00%

Function 00403580 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 004035F1

Strings

5@, xrefs: 00403621
!@, xrefs: 004035FD
`6@, xrefs: 00403634

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_copy
String ID: !@$ 5@$`6@
API String ID: 2659868963-3046436121
Opcode ID: 5284119d6068ea0465ede42b6678b19aad7e75db1f841707f7f3d44f545134f7
Instruction ID: 6a94537d6f7cf30f60faecd320d51eb375f598c267003bbf7e5aaac6b7161c0b
Opcode Fuzzy Hash: 5284119d6068ea0465ede42b6678b19aad7e75db1f841707f7f3d44f545134f7
Instruction Fuzzy Hash: F62189B0900248EFCB00CF99C9847DEBFF9FF59314F10825AE414AB281E3B85A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004EC863 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004EC8AA

Strings

`*@, xrefs: 004EC8BB
CorExitProcess, xrefs: 004EC8A2
mscoree.dll, xrefs: 004EC891

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: AddressProc
String ID: CorExitProcess$`*@$mscoree.dll
API String ID: 190572456-3149784946
Opcode ID: ffb82ceea836dd55d107f66016caaa4cc25a5946a2f4d184a6eba8158d039801
Instruction ID: 562ae8c913a91697cd818db614a902e39ceaabe92b223ef6108b00fe99cf1900
Opcode Fuzzy Hash: ffb82ceea836dd55d107f66016caaa4cc25a5946a2f4d184a6eba8158d039801
Instruction Fuzzy Hash: 9301A232944659EFDB119F84DC09FEEBBB9FB54B52F004526F811A22D0EBB49908CA94

Uniqueness

Uniqueness Score: -1.00%

Function 00403740 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00403778

Strings

5@, xrefs: 00403794
!@, xrefs: 00403787
`6@, xrefs: 004037AD

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_copy
String ID: !@$ 5@$`6@
API String ID: 2659868963-3046436121
Opcode ID: bfbe7c8efc281b29b7b2d866474aca0417e0f4a443054bdc022e9bbf12c2b419
Instruction ID: 0ce14fbcff1b242bb69dee6137598e193da4aa67fcaecd80c92e691c36c92b08
Opcode Fuzzy Hash: bfbe7c8efc281b29b7b2d866474aca0417e0f4a443054bdc022e9bbf12c2b419
Instruction Fuzzy Hash: 6B0117B5900A05EBC710CF89D904B89FBF9FB49720F10861AE42597780E3B4AA508B90

Uniqueness

Uniqueness Score: -1.00%

Function 004F4C09 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,004E64E1,?,?,?,00000000), ref: 004F4C1B
__dosmaperr.LIBCMT ref: 004F4C22

Strings

`ng, xrefs: 004F4C11
dN, xrefs: 004F4C0E

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ErrorLast__dosmaperr
String ID: `ng$dN
API String ID: 1659562826-532788093
Opcode ID: 5dc75ce04c15e295acdd42d31dd70232daf278466f7767e5e62d7905f0952de2
Instruction ID: 75627c7e57507863508bb374b15be04f9f819f00b988c6ee8400558b9e74fa4a
Opcode Fuzzy Hash: 5dc75ce04c15e295acdd42d31dd70232daf278466f7767e5e62d7905f0952de2
Instruction Fuzzy Hash: A3D02232000508FB8B002BF2BC0C8573B1CDFD03393100A23F42CC05A0EE35C891A250

Uniqueness

Uniqueness Score: -1.00%

Function 004F45B7 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

Strings

hN, xrefs: 004F4655
ext-ms-, xrefs: 004F4622
api-ms-, xrefs: 004F460E

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-$hN
API String ID: 0-953449355
Opcode ID: f63f1c068d1508d04711674c1b6af4106a25a44f74aad6cb73c3f1c9aabf27f4
Instruction ID: 4a3e410b6a841fe5201b9d0dbfeb229dd5489156daef18b20e00f1c0217d66cb
Opcode Fuzzy Hash: f63f1c068d1508d04711674c1b6af4106a25a44f74aad6cb73c3f1c9aabf27f4
Instruction Fuzzy Hash: 5D210B35A01118A7EB219B30EC41AAB37599BD2764B154212FB15E7390EF3CEE04D6D4

Uniqueness

Uniqueness Score: -1.00%

Function 00407EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 158COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 0040807C
___std_exception_destroy.LIBVCRUNTIME ref: 00408092

Strings

[json.exception., xrefs: 00407F11

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: [json.exception.
API String ID: 4194217158-791563284
Opcode ID: ee934aa13d999ed11a7f8df7758b70012830ea191fb055267afc7b8fe51fe3c3
Instruction ID: 7f99c11b4c43e4572e9624dce323e281514ed808fd84471958b998dba4cb0f5b
Opcode Fuzzy Hash: ee934aa13d999ed11a7f8df7758b70012830ea191fb055267afc7b8fe51fe3c3
Instruction Fuzzy Hash: 2151C170D042499BDB10DFA8C94579EBBB4FF51314F14426EE850AB3C2E7B95A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00406A20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

___std_fs_get_full_path_name@12.LIBCPMT ref: 00406B00

Strings

absolute, xrefs: 00406B8C
@fR, xrefs: 00406A84, 00406B51

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_fs_get_full_path_name@12
String ID: @fR$absolute
API String ID: 319883303-1389756673
Opcode ID: 7f4f532815d2432e08585dfd5ae82f2881fe0962009f3c4d447b7e9e3f916313
Instruction ID: 19a9c7e0e41c4ddcc0769b96455bde1ae0f76d3089e53274c1676f7970a93936
Opcode Fuzzy Hash: 7f4f532815d2432e08585dfd5ae82f2881fe0962009f3c4d447b7e9e3f916313
Instruction Fuzzy Hash: D9410AB0A006169BDB08DF68C5447AEFBB5FF49304F15862AE415B7780D7B8AA90CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0041E5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 0041E739
std::_Throw_Cpp_error.LIBCPMT ref: 0041E74A

Strings

m, xrefs: 0041E63F

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: Cpp_errorThrow_std::_
String ID: m
API String ID: 2134207285-3775001192
Opcode ID: b516f089a57393d585acd41d6b4cc9ca2d6e7125d567915da8ace19d971cb434
Instruction ID: a275f8c54c65386e01ba81cc6fc54d52e067a8cacf1980e4da1c84e71e6b68ee
Opcode Fuzzy Hash: b516f089a57393d585acd41d6b4cc9ca2d6e7125d567915da8ace19d971cb434
Instruction Fuzzy Hash: D5310474804388DBDB01DF65C9557DE7B74EF22708F20429EE4111B2E2E7B99684CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00403C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00403C81
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00403CE4

Strings

bad locale name, xrefs: 00403D06

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 16b5ae0c8b24348979cba257a5732cd8fb9352c1be27cef2719ca0a1b5323d4b
Instruction ID: feb4dd78b694847f484e7eca2a616d004a76e765a60662ff7359ff37e25938c4
Opcode Fuzzy Hash: 16b5ae0c8b24348979cba257a5732cd8fb9352c1be27cef2719ca0a1b5323d4b
Instruction Fuzzy Hash: 2E110070805B84EED321CF69C90474BBFF4AF15714F148A8EE08597B81C3B9A604CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004DCFA7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

___raise_securityfailure.LIBCMT ref: 004DD868

Strings

p5T, xrefs: 004DD863
)kY, xrefs: 004DD780

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___raise_securityfailure
String ID: )kY$p5T
API String ID: 1021282839-636483184
Opcode ID: 409a51253cf7917b2cfefe402371681707e15abe61581a2244dccf91a1927bf4
Instruction ID: d281603e11b815e17b8733fb96863c131fbe9496344fbd87702acd40f57df20e
Opcode Fuzzy Hash: 409a51253cf7917b2cfefe402371681707e15abe61581a2244dccf91a1927bf4
Instruction Fuzzy Hash: F021D8BC501201EAD704CF25F9957C47BB4FB2A358F62512AE509C73B0E3749649EF04

Uniqueness

Uniqueness Score: -1.00%

Function 004657B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 004657E9
___std_exception_copy.LIBVCRUNTIME ref: 0046581C

Strings

!@, xrefs: 00465828

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_copy
String ID: !@
API String ID: 2659868963-1028639617
Opcode ID: 7b58ac75447c1ca31da8fa98211338b5b5b03df8df0a309b3847f049ed6124dc
Instruction ID: c9f3a9521409cac47e4e63aabe70fe8d8b2043c48600a62cdf3255f95b04062c
Opcode Fuzzy Hash: 7b58ac75447c1ca31da8fa98211338b5b5b03df8df0a309b3847f049ed6124dc
Instruction Fuzzy Hash: 2211F1B5900645EBCB11DF59C980A85FBE9FB49720F10876AF9149B741E774A5808BA0

Uniqueness

Uniqueness Score: -1.00%

Function 004DD87B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

___raise_securityfailure.LIBCMT ref: 004DD943

Strings

p5T, xrefs: 004DD93E
)kY, xrefs: 004DD886

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___raise_securityfailure
String ID: )kY$p5T
API String ID: 1021282839-636483184
Opcode ID: d1598ae45ad619601c1c5ff7f69415f46d0aa63cffd9e77993b8870a697a847c
Instruction ID: bfce64ac3409f342896952b166a88fde778eb3b438d55d9eefdd4a01cf0a0c32
Opcode Fuzzy Hash: d1598ae45ad619601c1c5ff7f69415f46d0aa63cffd9e77993b8870a697a847c
Instruction Fuzzy Hash: 2D11AFBC911206FBD705DF29F9816C47BA4BB2A348B12516AE80887370E7709A49EF55

Uniqueness

Uniqueness Score: -1.00%

Function 004037D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00403808

Strings

5@, xrefs: 00403824
!@, xrefs: 00403817

Memory Dump Source

Source File: 00000000.00000002.2871244219.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2871227574.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871337352.0000000000515000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871365940.0000000000540000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871383916.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000580000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000726000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871416319.0000000000790000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2871862957.00000000009CC000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872018915.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872468234.0000000001569000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872492443.000000000158F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2872505598.0000000001590000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_9vZbHuuOq6.jbxd

Similarity

API ID: ___std_exception_copy
String ID: !@$ 5@
API String ID: 2659868963-86152599
Opcode ID: af2bfb86ed01e4f8cdbdefc2dccad44a0984899142a0a3b8b6f4b10506bc6a29
Instruction ID: a58b95e8fd2d804cfb76e0316eddbc24d1f625e48316b0a7b5b34f07b30589ce
Opcode Fuzzy Hash: af2bfb86ed01e4f8cdbdefc2dccad44a0984899142a0a3b8b6f4b10506bc6a29
Instruction Fuzzy Hash: 6C011AB5900B45EFC710CF59D900B8AFBF9FB49720F10872AE42597780E7B5A950CB90

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 9vZbHuuOq6.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
9vZbHuuOq6.exe

Function 0041E220 Relevance: 18.3, APIs: 12, Instructions: 260
networksleepCOMMON

Function 0045D9F0 Relevance: 7.7, APIs: 5, Instructions: 159
sleepCOMMON

Function 014DCAC2 Relevance: 1.5, APIs: 1, Instructions: 11
nativethreadCOMMON

Function 0041D430 Relevance: 7.6, APIs: 5, Instructions: 92
networkCOMMON

Function 004F1AC4 Relevance: 4.8, APIs: 3, Instructions: 292
COMMONLIBRARYCODE

Function 004F3893 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Function 004F1FB3 Relevance: 2.6, APIs: 2, Instructions: 63
COMMON

Function 004E2032 Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Function 0040AD80 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Function 00402F50 Relevance: 1.5, APIs: 1, Instructions: 47
COMMONLIBRARYCODE

Function 004F42CD Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Function 004EB74C Relevance: 1.3, APIs: 1, Instructions: 52
COMMONLIBRARYCODE