Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1534099
MD5:	667b24560f2d96e3c80b6052e72f17bd
SHA1:	6da4dd2baa290b2078dc501790dae243e833df4d
SHA256:	64585ba1a93d0bd0af219dbbc455c7e4cc5f8b1a6d46eba6b60c45051692f5c3
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5280 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 667B24560F2D96E3C80B6052E72F17BD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.site", "bathdoomgaz.store", "mobbipenju.store", "eaglepawnoy.store", "spirittunek.store", "studennotediw.store", "clearancek.site", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.266846+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	58486	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.191523+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	54397	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.243434+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	61052	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.231901+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	64347	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.296314+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	50886	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.204938+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	60537	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.279336+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	57902	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:10.255025+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	63232	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T15:48:11.922235+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49716	23.50.98.133	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.5280.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "bathdoomgaz.store", "mobbipenju.store", "eaglepawnoy.store", "spirittunek.store", "studennotediw.store", "clearancek.site", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.6:49716 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008750FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0083D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0083D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_008763B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00875700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_008799D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_0087695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_0083FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00840EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00876094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00831000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00846F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_0086F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00874040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0085D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008442FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00852260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00852260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_0083A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_008764B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0085E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_0084B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00871440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0084D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0085C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00838590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00859510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00877520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00846536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_0086B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0085E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0085D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_008767EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00877710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_008528E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_008349A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00873920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_0084D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00841ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00841A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00874A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00835A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00860B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00843BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00841BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00879B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_0084DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_0084DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_0085AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_0085AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_0085CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0085CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_0085CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00879CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00879CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00857C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_0086FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_0085EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00878D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_0085FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0085DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00841E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00836EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_0083BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00846EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00844E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_0085AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00857E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00855E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00846F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00877FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00877FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00875FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00838FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_0084FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00859F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0086FF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:61052 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:64347 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:58486 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:63232 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:54397 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:50886 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:57902 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:60537 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49716 -> 23.50.98.133:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: dissapoiznw.store

Source: Joe Sandbox View

IP Address: 23.50.98.133 23.50.98.133

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https:// equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Caec5df3887eb62e4bfbcb38d69f1858b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=48165f034f1d7f4fcb605733; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 15 Oct 2024 13:48:11 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlg equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https:// equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Caec5df3887eb62e4bfbcb38d69f1858b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=48165f034f1d7f4fcb605733; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 15 Oct 2024 13:48:11 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlg equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apii
Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=A9z8
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHO
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dissapoiznw.store:443/api
Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/com1;z
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2192992500.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192876894.00000000014A5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2192992500.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900A
Source: file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/q
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900vp
Source: file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Caec5df3887eb62e
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716

Source: unknown

HTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.6:49716 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840228	0_2_00840228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00925089	0_2_00925089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1	0_2_009760A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087A0D0	0_2_0087A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831000	0_2_00831000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842030	0_2_00842030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874040	0_2_00874040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E1A0	0_2_0083E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008371F0	0_2_008371F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00835160	0_2_00835160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008682D0	0_2_008682D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008612D0	0_2_008612D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F82FB	0_2_009F82FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008312F7	0_2_008312F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008313A3	0_2_008313A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083B3A0	0_2_0083B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008623E0	0_2_008623E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A300	0_2_0083A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844487	0_2_00844487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084049B	0_2_0084049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02483	0_2_00A02483
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FD4AE	0_2_009FD4AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008664F0	0_2_008664F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099C456	0_2_0099C456
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C470	0_2_0085C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838590	0_2_00838590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008335B0	0_2_008335B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C5F0	0_2_0084C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008786F0	0_2_008786F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086F620	0_2_0086F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083164F	0_2_0083164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878652	0_2_00878652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097E7F7	0_2_0097E7F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E8A0	0_2_0086E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B8C0	0_2_0086B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A75810	0_2_00A75810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A850	0_2_0083A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00861860	0_2_00861860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085098B	0_2_0085098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008789A0	0_2_008789A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB79FE	0_2_00AB79FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A00956	0_2_00A00956
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878A80	0_2_00878A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00877AB0	0_2_00877AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874A40	0_2_00874A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00837BF0	0_2_00837BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A05B3E	0_2_00A05B3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084DB6F	0_2_0084DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876CBF	0_2_00876CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085CCD0	0_2_0085CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C3CE2	0_2_008C3CE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E5CFF	0_2_008E5CFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878C02	0_2_00878C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096BDBD	0_2_0096BDBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085FD10	0_2_0085FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085DD29	0_2_0085DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858D62	0_2_00858D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083BEB0	0_2_0083BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00846EBF	0_2_00846EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A07E0E	0_2_00A07E0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844E2A	0_2_00844E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085AE57	0_2_0085AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878E70	0_2_00878E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00877FC0	0_2_00877FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838FD0	0_2_00838FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083AF10	0_2_0083AF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0084D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0083CAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995165532178217

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00868220 CoCreateInstance,

0_2_00868220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2988544 > 1048576

Source: file.exe

Static PE information: Raw size of xhlfooqt is bigger than: 0x100000 < 0x2b0400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.830000.0.unpack :EW;.rsrc :W;.idata :W;xhlfooqt:EW;sbuhabsa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xhlfooqt:EW;sbuhabsa:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2dac5c should be: 0x2dbb48

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: xhlfooqt
Source: file.exe	Static PE information: section name: sbuhabsa
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00925089 push edx; mov dword ptr [esp], ecx	0_2_009250F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D40BC push ecx; mov dword ptr [esp], edi	0_2_009D40C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D40BC push ebp; mov dword ptr [esp], 35DA61EBh	0_2_009D4129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D40BC push edx; mov dword ptr [esp], 6182AB82h	0_2_009D4141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D40BC push ebp; mov dword ptr [esp], 75CF5F61h	0_2_009D414D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D40BC push 104D3781h; mov dword ptr [esp], ebp	0_2_009D4185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push 2715A885h; mov dword ptr [esp], edi	0_2_009760CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push 79BBC5CFh; mov dword ptr [esp], ecx	0_2_00976126
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push 749C3484h; mov dword ptr [esp], ebx	0_2_0097612E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push ebx; mov dword ptr [esp], 00000000h	0_2_009761A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push esi; mov dword ptr [esp], ebx	0_2_009761BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009760A1 push 0FB1CD3Ah; mov dword ptr [esp], esp	0_2_009761C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96092 push ecx; mov dword ptr [esp], edx	0_2_00A9619F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D0D2 push ebp; mov dword ptr [esp], edx	0_2_00B2D15B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B41039 push ebp; mov dword ptr [esp], 35D1F5BCh	0_2_00B410FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7B00C push ebx; mov dword ptr [esp], 6D68C480h	0_2_00A7B0BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4101B push ebp; mov dword ptr [esp], 35D1F5BCh	0_2_00B410FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9206A push ecx; mov dword ptr [esp], ebp	0_2_00A92131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9206A push ecx; mov dword ptr [esp], 646C6452h	0_2_00A92191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6606D push 28FD2C1Bh; mov dword ptr [esp], esi	0_2_00A66108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB061 push edx; mov dword ptr [esp], esi	0_2_00ACB0CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7053 push esi; mov dword ptr [esp], ebx	0_2_00AB70D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push esi; mov dword ptr [esp], 30BFD197h	0_2_00A731B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push eax; mov dword ptr [esp], 00000004h	0_2_00A731D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push eax; mov dword ptr [esp], edx	0_2_00A73296
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push 10D13800h; mov dword ptr [esp], eax	0_2_00A7329E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push ebx; mov dword ptr [esp], esi	0_2_00A732D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push 7C7F7741h; mov dword ptr [esp], eax	0_2_00A732F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A731AC push esi; mov dword ptr [esp], eax	0_2_00A73395
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B41198 push 013323D8h; mov dword ptr [esp], esp	0_2_00B411B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B41198 push eax; mov dword ptr [esp], edi	0_2_00B411CA

Source: file.exe

Static PE information: section name: entropy: 7.977018404486159

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894346 second address: 89434A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0705C second address: A07097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 jbe 00007F51953127B9h 0x0000000d jmp 00007F51953127B3h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F51953127B7h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A07097 second address: A0709B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0709B second address: A070BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F51953127B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C4F3 second address: A0C4FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C66D second address: A0C671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C7E6 second address: A0C80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA1h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5195016D9Dh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C80C second address: A0C83C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F51953127A6h 0x00000008 jmp 00007F51953127B9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007F51953127AAh 0x00000018 pushad 0x00000019 popad 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0CC41 second address: A0CC45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0CC45 second address: A0CC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127B8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F51953127A6h 0x00000012 jc 00007F51953127A6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 893B9C second address: 893BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F5D1 second address: A0F5D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F5D6 second address: A0F64D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F5195016D98h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 js 00007F5195016D9Eh 0x0000002c ja 00007F5195016D98h 0x00000032 jmp 00007F5195016DA6h 0x00000037 push 00000000h 0x00000039 jmp 00007F5195016DA9h 0x0000003e push CE00F76Bh 0x00000043 push eax 0x00000044 push edx 0x00000045 push esi 0x00000046 pushad 0x00000047 popad 0x00000048 pop esi 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F64D second address: A0F6CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 31FF0915h 0x00000011 jng 00007F51953127ACh 0x00000017 mov edx, dword ptr [ebp+122D2D00h] 0x0000001d push 00000003h 0x0000001f mov si, 6FABh 0x00000023 jg 00007F51953127AAh 0x00000029 push 00000000h 0x0000002b mov dword ptr [ebp+122D39CEh], ebx 0x00000031 push 00000003h 0x00000033 jnl 00007F51953127AFh 0x00000039 xor ecx, 327A19FDh 0x0000003f call 00007F51953127A9h 0x00000044 jmp 00007F51953127AEh 0x00000049 push eax 0x0000004a push eax 0x0000004b jl 00007F51953127A8h 0x00000051 push edx 0x00000052 pop edx 0x00000053 pop eax 0x00000054 mov eax, dword ptr [esp+04h] 0x00000058 push eax 0x00000059 push edx 0x0000005a jno 00007F51953127ACh 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F6CD second address: A0F6FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jmp 00007F5195016D9Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 jg 00007F5195016D96h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F6FA second address: A0F70F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jbe 00007F51953127A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F70F second address: A0F751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jne 00007F5195016D9Ch 0x0000000d lea ebx, dword ptr [ebp+1244F2E4h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F5195016D98h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov di, si 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 pushad 0x00000035 popad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F751 second address: A0F756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0F80A second address: A0F8C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 763F6B00h 0x00000010 mov dword ptr [ebp+122D1FD1h], ecx 0x00000016 movsx esi, di 0x00000019 push 00000003h 0x0000001b mov dword ptr [ebp+122D1F3Ah], edi 0x00000021 push 00000000h 0x00000023 mov dword ptr [ebp+122D1F44h], ecx 0x00000029 push 00000003h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F5195016D98h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 stc 0x00000046 push ebx 0x00000047 mov dword ptr [ebp+122D2375h], ecx 0x0000004d pop edi 0x0000004e push A590BC14h 0x00000053 pushad 0x00000054 pushad 0x00000055 jmp 00007F5195016DA3h 0x0000005a push eax 0x0000005b pop eax 0x0000005c popad 0x0000005d jmp 00007F5195016DA0h 0x00000062 popad 0x00000063 xor dword ptr [esp], 6590BC14h 0x0000006a mov edx, dword ptr [ebp+122D2AB4h] 0x00000070 lea ebx, dword ptr [ebp+1244F2EFh] 0x00000076 jl 00007F5195016D98h 0x0000007c push eax 0x0000007d pushad 0x0000007e js 00007F5195016D9Ch 0x00000084 push eax 0x00000085 push edx 0x00000086 push eax 0x00000087 pop eax 0x00000088 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2DE61 second address: A2DE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127B0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2DE77 second address: A2DEB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5195016DA4h 0x0000000a push ebx 0x0000000b jmp 00007F5195016DA9h 0x00000010 pop ebx 0x00000011 push ecx 0x00000012 jne 00007F5195016D96h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2DEB4 second address: A2DEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F51953127ADh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E01D second address: A2E021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E021 second address: A2E04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127AFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F51953127B4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E04A second address: A2E061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5195016DA2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E061 second address: A2E08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127AFh 0x00000009 popad 0x0000000a jg 00007F51953127A8h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 pop ecx 0x0000001a push eax 0x0000001b jbe 00007F51953127A6h 0x00000021 pop eax 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E493 second address: A2E499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E733 second address: A2E76A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F51953127B9h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E76A second address: A2E796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F5195016DA9h 0x0000000e jmp 00007F5195016DA3h 0x00000013 jmp 00007F5195016D9Bh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E796 second address: A2E7AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E7AB second address: A2E7BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F5195016D96h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E90B second address: A2E912 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E912 second address: A2E94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F5195016D9Ch 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5195016DA2h 0x00000014 jmp 00007F5195016DA2h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E94B second address: A2E968 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F51953127B7h 0x00000008 jmp 00007F51953127ABh 0x0000000d jne 00007F51953127A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E968 second address: A2E96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EAE6 second address: A2EAEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EAEC second address: A2EAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EAF2 second address: A2EAF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EAF8 second address: A2EB36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F5195016D9Ch 0x0000000b jnp 00007F5195016D96h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 jno 00007F5195016DA8h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007F5195016D9Eh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2ECA0 second address: A2ECA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2ECA4 second address: A2ECAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EDF6 second address: A2EE17 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F51953127B1h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop esi 0x0000000b ja 00007F51953127AEh 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F1E1 second address: A2F1F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F6F4 second address: A2F6FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F8CC second address: A2F8D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F8D0 second address: A2F8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FA30 second address: A2FA4D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F5195016DA7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FB9F second address: A2FBB8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F51953127A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F51953127A8h 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FBB8 second address: A2FBC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F5195016D96h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FE8D second address: A2FE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3324C second address: A33262 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33262 second address: A3328C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F51953127ABh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F51953127B2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3328C second address: A33290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33290 second address: A332A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F51953127ACh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A332A3 second address: A332A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A332A7 second address: A332B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F51953127A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A332B1 second address: A332B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31B69 second address: A31B6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A378C2 second address: A378CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F5195016D96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3AF20 second address: A3AF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3AF28 second address: A3AF2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3AF2E second address: A3AF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F51953127A6h 0x0000000a popad 0x0000000b jc 00007F51953127AEh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B099 second address: A3B09D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B09D second address: A3B0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B4D0 second address: A3B4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F5195016D96h 0x0000000a popad 0x0000000b jmp 00007F5195016D9Fh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 je 00007F5195016D98h 0x00000019 push edx 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B4FB second address: A3B518 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B518 second address: A3B51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B51E second address: A3B530 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F51953127A6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B530 second address: A3B534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B692 second address: A3B6C2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F51953127B9h 0x00000008 jmp 00007F51953127B3h 0x0000000d jnl 00007F51953127AEh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B6C2 second address: A3B6D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016D9Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E012 second address: A3E016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E016 second address: A3E01A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E082 second address: A3E0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 071C679Ch 0x00000010 adc di, A386h 0x00000015 call 00007F51953127A9h 0x0000001a push edx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E0AA second address: A3E0B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E0B0 second address: A3E111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007F51953127AFh 0x0000000e jmp 00007F51953127B0h 0x00000013 popad 0x00000014 pop esi 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jne 00007F51953127AEh 0x0000001f mov eax, dword ptr [eax] 0x00000021 jmp 00007F51953127B2h 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a pushad 0x0000002b jns 00007F51953127A8h 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3E111 second address: A3E115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EC46 second address: A3EC59 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F51953127A6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EC59 second address: A3EC6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EC6C second address: A3ECAA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F51953127A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b cld 0x0000000c nop 0x0000000d jp 00007F51953127BFh 0x00000013 push edi 0x00000014 jmp 00007F51953127B7h 0x00000019 pop edi 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F51953127ADh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F049 second address: A3F04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F6D7 second address: A3F6DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F6DB second address: A3F6E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F6E7 second address: A3F6EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F6EB second address: A3F6EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A400A6 second address: A400D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F51953127B9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A400D5 second address: A40121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a popad 0x0000000b nop 0x0000000c pushad 0x0000000d jo 00007F5195016D99h 0x00000013 or dh, FFFFFFF6h 0x00000016 popad 0x00000017 push 00000000h 0x00000019 mov edi, dword ptr [ebp+122D2CA4h] 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F5195016D98h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 00000014h 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov si, BD1Ah 0x0000003f push eax 0x00000040 jbe 00007F5195016DA8h 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40121 second address: A40125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40911 second address: A40917 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40917 second address: A4091E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A41C4E second address: A41C52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A419C9 second address: A419E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127B8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4091E second address: A4093F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5195016DA7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A419E5 second address: A419E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4093F second address: A40949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5195016D96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A419E9 second address: A41A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F51953127AFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A431B8 second address: A431BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A41A04 second address: A41A08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A472B5 second address: A472BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A491C6 second address: A491D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F51953127A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48303 second address: A4830D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5195016D96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B3A0 second address: A4B3A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B3A6 second address: A4B3DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5195016DA7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4938F second address: A49393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A49393 second address: A49397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B63A second address: A4B63E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4C6BD second address: A4C6C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4F6E1 second address: A4F704 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4F704 second address: A4F714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016D9Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4D7E0 second address: A4D7E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5283B second address: A52843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A52843 second address: A52849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FE9E5 second address: 9FE9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jbe 00007F5195016D96h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53108 second address: A53111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53111 second address: A53115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A53115 second address: A5313B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F51953127B0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A540DF second address: A540E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A540E3 second address: A540E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A54F5F second address: A54FC0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5195016D98h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub edi, dword ptr [ebp+122D2CFCh] 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov edi, dword ptr [ebp+122D2DA0h] 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 pushad 0x00000026 or dword ptr [ebp+122D28F4h], eax 0x0000002c popad 0x0000002d mov eax, dword ptr [ebp+122D142Dh] 0x00000033 stc 0x00000034 push FFFFFFFFh 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007F5195016D98h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 mov dword ptr [ebp+12448F12h], ecx 0x00000056 nop 0x00000057 pushad 0x00000058 push ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A55F10 second address: A55F1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F51953127A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4E7A7 second address: A4E7AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4E7AB second address: A4E7BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007F51953127B0h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7DE1 second address: 9F7DF1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5195016D96h 0x00000008 jp 00007F5195016D96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56DCC second address: A56DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A56DD2 second address: A56DEB instructions: 0x00000000 rdtsc 0x00000002 js 00007F5195016D96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jns 00007F5195016D96h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5EB89 second address: A5EBA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5EBA0 second address: A5EBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5EBA6 second address: A5EBAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCF78 second address: 9FCF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCF85 second address: 9FCFA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F51953127B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCFA5 second address: 9FCFC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCFC4 second address: 9FCFDD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F51953127B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCFDD second address: 9FCFE2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6021A second address: A6022E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127AFh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6022E second address: A60233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A64033 second address: A6403D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6403D second address: A6404D instructions: 0x00000000 rdtsc 0x00000002 je 00007F5195016D96h 0x00000008 jp 00007F5195016D96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6404D second address: A64055 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A64055 second address: A64059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A64059 second address: A6405D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A64376 second address: A6439D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F5195016D96h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jng 00007F5195016D96h 0x00000015 pop esi 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 jl 00007F5195016DA2h 0x0000001f jns 00007F5195016D96h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A86C second address: A6A870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A870 second address: A6A8B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnl 00007F5195016DA2h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 pushad 0x00000013 jns 00007F5195016D96h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c jbe 00007F5195016D98h 0x00000022 push eax 0x00000023 pop eax 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 pushad 0x00000028 jmp 00007F5195016DA1h 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 pop edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A8B9 second address: A6A8D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F51953127B1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A8D8 second address: A6A8EA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5195016D96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F5195016D96h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70C5D second address: A70C7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A711FA second address: A71209 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A71336 second address: A7134C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F51953127A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 jc 00007F51953127A6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72F44 second address: A72F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75AC3 second address: A75AD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B3F6 second address: A7B403 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A354 second address: A7A36C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127B1h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A36C second address: A7A373 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A4E9 second address: A7A505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 jmp 00007F51953127B1h 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A7AA second address: A7A7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5195016D96h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A7B5 second address: A7A7C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jbe 00007F51953127A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A79F5C second address: A79F6A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5195016D96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A79F6A second address: A79F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7ABAB second address: A7AC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F5195016D96h 0x0000000c jno 00007F5195016D96h 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F5195016D9Bh 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c pop eax 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 jmp 00007F5195016DA5h 0x00000025 js 00007F5195016DACh 0x0000002b jmp 00007F5195016DA6h 0x00000030 popad 0x00000031 push edx 0x00000032 pushad 0x00000033 push edi 0x00000034 pop edi 0x00000035 jp 00007F5195016D96h 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7AD1C second address: A7AD33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127AFh 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7E820 second address: A7E824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7E824 second address: A7E834 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jnp 00007F51953127B6h 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3CE10 second address: A3CE14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D2BE second address: A3D2D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D5D6 second address: A3D5DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D9C5 second address: A3D9CA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D9CA second address: A3DA17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jg 00007F5195016DA7h 0x0000000e jnc 00007F5195016DA1h 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F5195016D98h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f push 0000001Eh 0x00000031 movzx ecx, bx 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 push esi 0x00000038 je 00007F5195016D96h 0x0000003e pop esi 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DA17 second address: A3DA1C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DA1C second address: A3DA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F5195016D9Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F5195016D96h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DB34 second address: A3DB38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DB38 second address: A3DB3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DD3A second address: A3DD87 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F51953127ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F51953127A8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 movzx edx, si 0x0000002a lea eax, dword ptr [ebp+1247C984h] 0x00000030 push edx 0x00000031 mov ecx, dword ptr [ebp+122D2B70h] 0x00000037 pop edi 0x00000038 push eax 0x00000039 push edi 0x0000003a pushad 0x0000003b push ecx 0x0000003c pop ecx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3DD87 second address: A23C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 adc cl, FFFFFFB8h 0x0000000c mov dx, 9804h 0x00000010 call dword ptr [ebp+122D2EB3h] 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F5195016D9Ch 0x0000001e jc 00007F5195016D96h 0x00000024 push eax 0x00000025 push edx 0x00000026 jg 00007F5195016D96h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23C78 second address: A23C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23C7C second address: A23C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5195016D96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23C88 second address: A23CA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B3h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23CA1 second address: A23CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23CA5 second address: A23CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EAFD second address: A7EB0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 jnp 00007F5195016D96h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EB0D second address: A7EB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EB14 second address: A7EB19 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EEF4 second address: A7EEFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EEFD second address: A7EF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EF06 second address: A7EF0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7EF0A second address: A7EF10 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F07D second address: A7F081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F081 second address: A7F0A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5195016D9Bh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F0A5 second address: A7F0AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F21C second address: A7F227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F36F second address: A7F387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a jc 00007F51953127A6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A854DA second address: A854EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A854EF second address: A85520 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007F51953127B1h 0x00000010 jmp 00007F51953127ABh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A85520 second address: A85530 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F5195016DA2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84137 second address: A8416F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F51953127B3h 0x0000000f jmp 00007F51953127B5h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84727 second address: A8476F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5195016D9Ch 0x0000000e push edx 0x0000000f jmp 00007F5195016DA6h 0x00000014 pop edx 0x00000015 popad 0x00000016 jc 00007F5195016DAEh 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007F5195016D96h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8476F second address: A84773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A848D3 second address: A848EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A848EF second address: A848F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A848F5 second address: A848FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84C06 second address: A84C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127B0h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84F02 second address: A84F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84F06 second address: A84F10 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F51953127A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84F10 second address: A84F15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8CCD8 second address: A8CCE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8CCE0 second address: A8CCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA5h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9202B second address: A9203C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jc 00007F51953127AAh 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95CEF second address: A95CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016D9Ah 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95CFE second address: A95D1F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F51953127BAh 0x00000008 jmp 00007F51953127B4h 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95D1F second address: A95D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5195016D96h 0x0000000a jne 00007F5195016D96h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 js 00007F5195016DB0h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A95D3C second address: A95D46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F51953127A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99192 second address: A991A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F5195016D96h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A991A1 second address: A991B1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F51953127A6h 0x00000008 jo 00007F51953127A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A991B1 second address: A991BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F5195016D96h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99357 second address: A9935B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9935B second address: A99378 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99378 second address: A9937F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9950A second address: A99524 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5195016D9Ch 0x00000008 js 00007F5195016D96h 0x0000000e push esi 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99524 second address: A9953A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F51953127AEh 0x00000009 pop edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9987F second address: A99889 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5195016D96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99889 second address: A998A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F51953127A6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F51953127AFh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99A09 second address: A99A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99A0D second address: A99A18 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99A18 second address: A99A1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99A1E second address: A99A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99B97 second address: A99BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99BB2 second address: A99BB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99BB6 second address: A99BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99BBC second address: A99BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9FD6F second address: A9FD82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5195016D96h 0x0000000a popad 0x0000000b jbe 00007F5195016D98h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E98F second address: A9E9A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F51953127B0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E9A9 second address: A9E9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EAFC second address: A9EB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F51953127B8h 0x0000000b jng 00007F51953127A6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F51953127A6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9EB2B second address: A9EB2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D7BF second address: A3D802 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ebx, dword ptr [ebp+1247C9C3h] 0x0000000e je 00007F51953127BDh 0x00000014 call 00007F51953127B0h 0x00000019 xor dword ptr [ebp+1247404Eh], esi 0x0000001f pop ecx 0x00000020 add eax, ebx 0x00000022 adc di, 29B1h 0x00000027 nop 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b jbe 00007F51953127A6h 0x00000031 jg 00007F51953127A6h 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D802 second address: A3D82F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5195016DA7h 0x00000008 jg 00007F5195016D96h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F5195016D96h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D82F second address: A3D833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D833 second address: A3D866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F5195016D98h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push 00000004h 0x00000024 sub edi, dword ptr [ebp+122D2D9Ch] 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 pop edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D866 second address: A3D86C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D86C second address: A3D876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F5195016D96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D876 second address: A3D893 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D893 second address: A3D897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA75CE second address: AA75D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA75D2 second address: AA75D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA75D8 second address: AA75F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F51953127A6h 0x00000009 jp 00007F51953127A6h 0x0000000f ja 00007F51953127A6h 0x00000015 popad 0x00000016 pushad 0x00000017 jne 00007F51953127A6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB510 second address: 9FB52C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jo 00007F5195016DA0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA5517 second address: AA551D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA551D second address: AA5521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA5521 second address: AA5525 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA5B28 second address: AA5B5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5195016DA7h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA5B5D second address: AA5B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6100 second address: AA6107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA667E second address: AA6684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6684 second address: AA6688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6688 second address: AA668C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA668C second address: AA6698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5195016D96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6C9D second address: AA6CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6CA1 second address: AA6CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F5195016D96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA6FFB second address: AA7013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F51953127A6h 0x0000000a jmp 00007F51953127AEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7013 second address: AA7019 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7019 second address: AA702A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F51953127C6h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA702A second address: AA7040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016D9Eh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA72CC second address: AA72E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F51953127ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFAB3 second address: AAFAB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFE83 second address: AAFE87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFE87 second address: AAFEC5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F5195016DACh 0x0000000c jmp 00007F5195016DA4h 0x00000011 push edx 0x00000012 pop edx 0x00000013 jnc 00007F5195016D9Eh 0x00000019 popad 0x0000001a pushad 0x0000001b push ebx 0x0000001c pushad 0x0000001d popad 0x0000001e pop ebx 0x0000001f jng 00007F5195016DA2h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFEC5 second address: AAFECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB002D second address: AB0039 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB016B second address: AB0171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0171 second address: AB0175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0175 second address: AB0185 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F51953127A6h 0x00000008 jnc 00007F51953127A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0185 second address: AB0197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5195016D9Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0197 second address: AB01A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB047B second address: AB047F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB05E5 second address: AB05ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB73DF second address: AB73F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F5195016DA1h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7B2E second address: AB7B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7C7D second address: AB7C8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7C8A second address: AB7C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7E0E second address: AB7E23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jns 00007F5195016D96h 0x0000000e jnl 00007F5195016D96h 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB88FC second address: AB8900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9003 second address: AB9007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9007 second address: AB902E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F51953127C1h 0x0000000c jns 00007F51953127A6h 0x00000012 jmp 00007F51953127B5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF66F second address: ABF675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF7FB second address: ABF81D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 jbe 00007F51953127A6h 0x0000000d jmp 00007F51953127B1h 0x00000012 popad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF983 second address: ABF99F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5195016DA1h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF99F second address: ABF9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F51953127A6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF9AE second address: ABF9B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF9B2 second address: ABF9B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF9B8 second address: ABF9C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1366 second address: AC1371 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACC0D4 second address: ACC0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F5195016D96h 0x0000000f jmp 00007F5195016DA9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACC0FC second address: ACC100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACC100 second address: ACC106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACC106 second address: ACC110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACEFD7 second address: ACF00C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F5195016D9Eh 0x0000000f jmp 00007F5195016D9Ah 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACF00C second address: ACF012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACECF7 second address: ACECFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACECFD second address: ACED1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jl 00007F51953127A6h 0x0000000c je 00007F51953127A6h 0x00000012 ja 00007F51953127A6h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACED1A second address: ACED20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2A43 second address: AD2A4D instructions: 0x00000000 rdtsc 0x00000002 jc 00007F51953127A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD2A4D second address: AD2A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5D2F second address: AD5D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5D33 second address: AD5D5E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5195016DA0h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5195016DA2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE087 second address: ADE08B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE08B second address: ADE0C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jg 00007F5195016D96h 0x00000012 jmp 00007F5195016D9Bh 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5195016D9Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE0C7 second address: ADE0CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE0CD second address: ADE0DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F5195016D96h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADE0DC second address: ADE0E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE3841 second address: AE385E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE385E second address: AE3862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE3862 second address: AE386E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5195016D96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE386E second address: AE3874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE3874 second address: AE387A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5687 second address: AE568C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE568C second address: AE56AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5195016DA9h 0x00000009 jl 00007F5195016D96h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE8A63 second address: AE8AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F51953127B2h 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007F51953127B6h 0x00000014 jmp 00007F51953127B0h 0x00000019 pop ebx 0x0000001a jmp 00007F51953127ADh 0x0000001f push ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDDAB second address: AEDDC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F5195016D9Eh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDDC5 second address: AEDDCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDDCA second address: AEDDD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDDD0 second address: AEDDDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F51953127A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDDDA second address: AEDDDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE28F second address: AEE299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE299 second address: AEE29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3FF second address: AEE433 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127ADh 0x00000007 jmp 00007F51953127B0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F51953127AEh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE6C0 second address: AEE6C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF324C second address: AF3259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jne 00007F51953127A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF3259 second address: AF326E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5195016D9Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF2F7B second address: AF2F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF2F7F second address: AF2F83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05DA0 second address: B05DC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F51953127B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007F51953127A8h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFE64 second address: AFFE69 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12F54 second address: B12F62 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F51953127A6h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12A40 second address: B12A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5195016D96h 0x0000000a jmp 00007F5195016DA3h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12A66 second address: B12A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12A6A second address: B12A7D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F5195016D9Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12A7D second address: B12A87 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F51953127ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12BCD second address: B12BF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F5195016D96h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e jmp 00007F5195016DA1h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DF99 second address: B2DF9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CCF0 second address: B2CD04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5195016D96h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CD04 second address: B2CD18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F51953127ACh 0x0000000e ja 00007F51953127A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CE60 second address: B2CE64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CE64 second address: B2CEA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jg 00007F51953127ACh 0x0000000e jmp 00007F51953127B2h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F51953127B7h 0x0000001a js 00007F51953127A6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D1A4 second address: B2D1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 pushad 0x00000009 jmp 00007F5195016D9Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D5FA second address: B2D60E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F51953127A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D78A second address: B2D7AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5195016DA1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F5195016D9Eh 0x00000011 pushad 0x00000012 popad 0x00000013 jns 00007F5195016D96h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D921 second address: B2D92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D92A second address: B2D92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D92E second address: B2D937 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D937 second address: B2D93D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D93D second address: B2D95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 je 00007F51953127A6h 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F51953127B2h 0x00000016 jnp 00007F51953127A6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D95B second address: B2D973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016DA4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB14 second address: B2DB19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB19 second address: B2DB1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB1F second address: B2DB3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F51953127B5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB3D second address: B2DB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB41 second address: B2DB45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DC6C second address: B2DC71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2F710 second address: B2F714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2F714 second address: B2F72E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 jo 00007F5195016D96h 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop ebx 0x00000012 jp 00007F5195016D9Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3218F second address: B321A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B327A8 second address: B327AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B327AC second address: B327B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0DD3 second address: 53B0E82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016DA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov cx, dx 0x0000000f popad 0x00000010 jns 00007F5195016E06h 0x00000016 pushad 0x00000017 jmp 00007F5195016D9Bh 0x0000001c mov bx, si 0x0000001f popad 0x00000020 add eax, ecx 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F5195016DA0h 0x00000029 jmp 00007F5195016DA5h 0x0000002e popfd 0x0000002f pushad 0x00000030 mov dl, al 0x00000032 pushfd 0x00000033 jmp 00007F5195016DA3h 0x00000038 xor cl, FFFFFFDEh 0x0000003b jmp 00007F5195016DA9h 0x00000040 popfd 0x00000041 popad 0x00000042 popad 0x00000043 mov eax, dword ptr [eax+00000860h] 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F5195016D9Dh 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0E82 second address: 53B0E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F51953127ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0E92 second address: 53B0EE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5195016D9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d pushad 0x0000000e mov ecx, 533FF29Bh 0x00000013 push esi 0x00000014 pop edx 0x00000015 popad 0x00000016 je 00007F520659CC47h 0x0000001c jmp 00007F5195016DA6h 0x00000021 test byte ptr [eax+04h], 00000005h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F5195016DA7h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40D5F second address: A40D6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F51953127A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40F47 second address: A40F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5195016D9Ah 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F5195016D98h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 893C03 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3314B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A31D1B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3CDBE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3268	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2864	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2192876894.000000000146E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2192992500.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.00000000014D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00875BB0 LdrInitializeThunk,

0_2_00875BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, file.exe, 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: IFProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.50.98.133	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
bathdoomgaz.store	true		unknown
studennotediw.store	true		unknown
clearancek.site	true		unknown
dissapoiznw.store	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
spirittunek.store	true		unknown
licendfilteo.site	true		unknown
eaglepawnoy.store	true		unknown
mobbipenju.store	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/	file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dissapoiznw.store:443/api	file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clearancek.site:443/api	file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s.ytimg.com;	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=A9z8	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/q	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/com1;z	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://studennotediw.store:443/api	file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site:443/apii	file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a	file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900A	file.exe, 00000000.00000002.2192992500.00000000014C6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.00000000014C4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Caec5df3887eb62e	file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.2192992500.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com:443/profiles/76561199724331900vp	file.exe, 00000000.00000003.2191300352.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2192992500.00000000014AE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHO	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000002.2192992500.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191300352.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.0000000001539000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2191035665.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191501062.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191035665.0000000001506000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2193191369.0000000001506000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2190992066.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.50.98.133	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1534099
Start date and time:	2024-10-15 15:47:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
09:48:09	API Interceptor	4x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.50.98.133	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	https://u.to/UKDgIA	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.PWSX-gen.1070.11757.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	SecuriteInfo.com.Trojan.PWS.Steam.37477.6298.10622.exe	Get hash	malicious	Vidar	Browse
	SecuriteInfo.com.Win32.Evo-gen.25283.30900.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.FileRepMalware.25501.25264.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.W32.PossibleThreat.3672.22783.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Win32.Malware-gen.17837.3001.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	9evHLnwull.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tiCW7a3x1P.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	oXtUD7dfUE.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	ordine.pdf	Get hash	malicious	Unknown	Browse	184.28.88.176
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	otelcol-contrib_0.111.0_windows_x64.msi	Get hash	malicious	Unknown	Browse	184.28.90.27
	Revised_Executed_Docs_(Revised)_Afranco_Latecnovalvo_Required_Signature.docx	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	9evHLnwull.exe	Get hash	malicious	Vidar	Browse	23.194.234.100

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	SecuriteInfo.com.Win32.PWSX-gen.1475.22419.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.50.98.133
	lfyJfb6jSS.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	SecuriteInfo.com.Win32.PWSX-gen.19951.1573.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	doc-Impostos.cmd	Get hash	malicious	Unknown	Browse	23.50.98.133
	DL7MG3T9jo.exe	Get hash	malicious	LummaC	Browse	23.50.98.133

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.524194316786604
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'988'544 bytes
MD5:	667b24560f2d96e3c80b6052e72f17bd
SHA1:	6da4dd2baa290b2078dc501790dae243e833df4d
SHA256:	64585ba1a93d0bd0af219dbbc455c7e4cc5f8b1a6d46eba6b60c45051692f5c3
SHA512:	98649d833c28de26698d0429f0f01af94e8a19599a4c274864d2dc9b03567331f85ef7b548db101dd10801b16bb9a28613a242f7698f93fe5fff237ab47ad66a
SSDEEP:	24576:SiH0Ddvfdpyxm31RSBBDUNiNJOyUSCbLxXXjLxee8uPqoI3dgs7TjkrHPbVpSLvR:Si2tQ8qtNJdCb5nIzAjLSBNa5orOAW
TLSH:	7AD539A2A50672CFD09E1774467FCF866A6C02BA072008C79D6A657A7DA3CC517FFC24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f............................. 1...........@..........................P1.....\.-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x712000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5194F83FDAh
vmread dword ptr [00000000h], ebp
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	5e20e822ca6d4d44310a304342ed5cb0	False	0.9995165532178217	data	7.977018404486159	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xhlfooqt	0x60000	0x2b1000	0x2b0400	d9b8104cef7fe557385af8a6eaf9f164	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sbuhabsa	0x311000	0x1000	0x400	dc48fa069035cf0a3691b3a81ebf1fe3	False	0.74609375	data	5.97332380625508	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x312000	0x3000	0x2200	4c55f96724f198713669046a72575cef	False	0.06008731617647059	DOS executable (COM)	0.6541327225581707	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-15T15:48:10.191523+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	54397	1.1.1.1	53	UDP
2024-10-15T15:48:10.204938+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	60537	1.1.1.1	53	UDP
2024-10-15T15:48:10.231901+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	64347	1.1.1.1	53	UDP
2024-10-15T15:48:10.243434+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	61052	1.1.1.1	53	UDP
2024-10-15T15:48:10.255025+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	63232	1.1.1.1	53	UDP
2024-10-15T15:48:10.266846+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	58486	1.1.1.1	53	UDP
2024-10-15T15:48:10.279336+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	57902	1.1.1.1	53	UDP
2024-10-15T15:48:10.296314+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	50886	1.1.1.1	53	UDP
2024-10-15T15:48:11.922235+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49716	23.50.98.133	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 15, 2024 15:48:10.324790955 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:10.324877977 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:10.324974060 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:10.328603029 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:10.328625917 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.205714941 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.205810070 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.208560944 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.208585024 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.208892107 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.257520914 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.283346891 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.327413082 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922426939 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922489882 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922512054 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.922537088 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922555923 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922569990 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.922589064 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922600985 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.922607899 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.922627926 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.922661066 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.942682028 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.942743063 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.942766905 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.942784071 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.942853928 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.942862034 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.942955971 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.943011999 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.946033955 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.946057081 CEST	443	49716	23.50.98.133	192.168.2.6
Oct 15, 2024 15:48:11.946067095 CEST	49716	443	192.168.2.6	23.50.98.133
Oct 15, 2024 15:48:11.946073055 CEST	443	49716	23.50.98.133	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 15, 2024 15:48:10.191523075 CEST	54397	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.200340033 CEST	53	54397	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.204937935 CEST	60537	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.230164051 CEST	53	60537	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.231900930 CEST	64347	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.241394043 CEST	53	64347	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.243433952 CEST	61052	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.252757072 CEST	53	61052	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.255024910 CEST	63232	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.265193939 CEST	53	63232	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.266845942 CEST	58486	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.277137995 CEST	53	58486	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.279335976 CEST	57902	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.290896893 CEST	53	57902	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.296314001 CEST	50886	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.305305004 CEST	53	50886	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:10.311800003 CEST	56332	53	192.168.2.6	1.1.1.1
Oct 15, 2024 15:48:10.318825006 CEST	53	56332	1.1.1.1	192.168.2.6
Oct 15, 2024 15:48:50.983917952 CEST	53	59556	162.159.36.2	192.168.2.6
Oct 15, 2024 15:48:52.306724072 CEST	53	57895	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 15, 2024 15:48:10.191523075 CEST	192.168.2.6	1.1.1.1	0x537	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.204937935 CEST	192.168.2.6	1.1.1.1	0x5b03	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.231900930 CEST	192.168.2.6	1.1.1.1	0xe925	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.243433952 CEST	192.168.2.6	1.1.1.1	0x63bd	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.255024910 CEST	192.168.2.6	1.1.1.1	0xfd2a	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.266845942 CEST	192.168.2.6	1.1.1.1	0x95de	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.279335976 CEST	192.168.2.6	1.1.1.1	0xc7b0	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.296314001 CEST	192.168.2.6	1.1.1.1	0x4fe	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.311800003 CEST	192.168.2.6	1.1.1.1	0xc518	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 15, 2024 15:48:10.200340033 CEST	1.1.1.1	192.168.2.6	0x537	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.230164051 CEST	1.1.1.1	192.168.2.6	0x5b03	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.241394043 CEST	1.1.1.1	192.168.2.6	0xe925	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.252757072 CEST	1.1.1.1	192.168.2.6	0x63bd	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.265193939 CEST	1.1.1.1	192.168.2.6	0xfd2a	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.277137995 CEST	1.1.1.1	192.168.2.6	0x95de	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.290896893 CEST	1.1.1.1	192.168.2.6	0xc7b0	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.305305004 CEST	1.1.1.1	192.168.2.6	0x4fe	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 15:48:10.318825006 CEST	1.1.1.1	192.168.2.6	0xc518	No error (0)	steamcommunity.com		23.50.98.133	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	23.50.98.133	443	5280	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-15 13:48:11 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-15 13:48:11 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Tue, 15 Oct 2024 13:48:11 GMT Content-Length: 25489 Connection: close Set-Cookie: sessionid=48165f034f1d7f4fcb605733; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Caec5df3887eb62e4bfbcb38d69f1858b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-15 13:48:11 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-15 13:48:11 UTC	10062	IN	Data Raw: 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 62 75 6c 67 61 72 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 62 75 6c 67 61 72 69 61 6e 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 Data Ascii: <a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a><a class="popup_menu_item tight" href="?l=bulgarian" onclick="ChangeLanguage( 'bulgarian' ); return fa
2024-10-15 13:48:11 UTC	913	IN	Data Raw: 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0d 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 26 6e 62 73 70 3b 20 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 Data Ascii: t="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_blank">Privacy Policy</a>  \|  <a href="https://store.steampowered.c

Target ID:	0
Start time:	09:48:06
Start date:	15/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x830000
File size:	2'988'544 bytes
MD5 hash:	667B24560F2D96E3C80B6052E72F17BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	62.7%
Total number of Nodes:	51
Total number of Limit Nodes:	5

Executed Functions

Function 008750FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00875182

Strings

<I$), xrefs: 008752E3
<I$), xrefs: 00875198
@^, xrefs: 00875120

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: dfd973967d312f23c781ef054860451e0da1d2e64676c959add8ef39c738fc3b
Instruction ID: 9f6308d0a795791bd628153be976273db3ba7362db96e9a0f98b0233ced2a665
Opcode Fuzzy Hash: dfd973967d312f23c781ef054860451e0da1d2e64676c959add8ef39c738fc3b
Instruction Fuzzy Hash: CF216D351083848FD300DF68E89176AF7E4FB6A304FA9882CE1C5D7352E676DA158B56

Function 0083FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 0083FEDC
t, xrefs: 0083FCBE
J|BJ, xrefs: 0084000D
VY^_, xrefs: 0083FDFF

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 3ccdbb779c8ad83fe791434ebe23e6dd027be079c75c194ddd368320c1a1fd75
Instruction ID: f705d6403a9e55e0b4f727b19e84450b3c79e9d8730283ab8880a56d95c1336e
Opcode Fuzzy Hash: 3ccdbb779c8ad83fe791434ebe23e6dd027be079c75c194ddd368320c1a1fd75
Instruction Fuzzy Hash: 54D1557550C3989BD311DF18949061FBBE1FB96B48F14882CFAC98B252D735C909DF92

Function 0083D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0083D2F1

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c4a31b4a9f4290b72c7fa02d60df4d5742038c6c7366d9f7c2042a64d8853692
Instruction ID: 3fb212074aa68bd295d4458eaba10ced6f25d42192359f223331b6442fc6d975
Opcode Fuzzy Hash: c4a31b4a9f4290b72c7fa02d60df4d5742038c6c7366d9f7c2042a64d8853692
Instruction Fuzzy Hash: 3041137040D340ABD701BB68E584A2EFBE5EF92745F548C1CE5C4DB252C335E8248BAB

Function 00875700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00875784

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 370cec46267f345fe083640f688c1525a0c092eafe0d1df7da2b66c84a9f4fa2
Instruction ID: 8a098f6fd1dbf60e92266a83ff23e8ab4a84c7eb97c3e3ebc322a3fbecbae597
Opcode Fuzzy Hash: 370cec46267f345fe083640f688c1525a0c092eafe0d1df7da2b66c84a9f4fa2
Instruction Fuzzy Hash: 4A118C71918240EBC305AF2CE841A1BBBE5EF96B15F058828E488DB215D335D810DBA3

Function 00875BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0087973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00875BDE

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 0087695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 008769C5

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7a8c41e28e4a5e97dc3fde0fe4cc25cf3bc5767d47449d95473b3b4b5984d19f
Instruction ID: 967ec4c974bb4e0128350109c83ab6438f7d4a9fea4fdfe1c567d897b9c073f8
Opcode Fuzzy Hash: 7a8c41e28e4a5e97dc3fde0fe4cc25cf3bc5767d47449d95473b3b4b5984d19f
Instruction Fuzzy Hash: CC3176B15083028BD718EF18D890A2ABBE1FF85344F48982CE5CAD72A5E334D9148B56

Function 0084049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd273d8ab7baf1e3b4bf2a6b236daa95658fa3b771f48392d1b3825164f821f2
Instruction ID: d1f3f724b3c864b7d0f3013b36c03a3af1728c92fbe730138b942607cfe670b2
Opcode Fuzzy Hash: dd273d8ab7baf1e3b4bf2a6b236daa95658fa3b771f48392d1b3825164f821f2
Instruction Fuzzy Hash: 35918975200B01CFD724CF25E894A17B7F6FF89314B118A6CE95A8BBA2D771E815CB90

Function 00840228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70640d92dc7a780762057558f4fb981e0e561ab9f27a1cfa71894e50c1730b23
Instruction ID: b30d6ab731de270ebaf64419d8d6d343fb93c6b69b084c4916bcfa18142bf242
Opcode Fuzzy Hash: 70640d92dc7a780762057558f4fb981e0e561ab9f27a1cfa71894e50c1730b23
Instruction Fuzzy Hash: 93718835204B01CFD7248F25E898A17B7F6FF89314F10896CEA4A8BAA2D731E855CF50

Function 008799D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99a72d05ab7d16591e8ae584fdf47032f04320805a8b54e435b9be79f132d7ae
Instruction ID: b11f93ddcb001fa6897fab4dc931676ab7b608ec7f1209ddf8cb1b653da1d669
Opcode Fuzzy Hash: 99a72d05ab7d16591e8ae584fdf47032f04320805a8b54e435b9be79f132d7ae
Instruction Fuzzy Hash: 9A414834209310ABD714AA19E891B2AFBF6FB85724F64C82CE5CED7255D335E811CB62

Function 008763B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b27f9fc8c79ca63a6d91c4feed0d27fb301d511572fe1671fc155ed59afa258
Instruction ID: d69c45d4b926705aaa0a78364673c32cc71ec07b1ccfefb8aa188c0af03f9ea6
Opcode Fuzzy Hash: 6b27f9fc8c79ca63a6d91c4feed0d27fb301d511572fe1671fc155ed59afa258
Instruction Fuzzy Hash: 5B31E470649701BBD624DB08CD82F3AB7A5FB81B15F64C50CF189AB2E5E370E821CB56

Function 00840EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0d84cd6d3f93aef2a49cbb8f6fba0d39c77ffaec24eafe0ebd19d9a0f4a561f
Instruction ID: 1d296ae8feeeb8ddc3b125cd85ab6ed637bc9b5a6303ced33b546c4a7356be9d
Opcode Fuzzy Hash: c0d84cd6d3f93aef2a49cbb8f6fba0d39c77ffaec24eafe0ebd19d9a0f4a561f
Instruction Fuzzy Hash: A2212AB490022A9FDB15CF94CC90BBEBBB1FB46304F144819E911BB292C735A945CF64

Function 00873220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 008732A6

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 91ebc6b4f1ad597eeffa1625cf8f813ef7cf394d3f58bfd4fecd1b5c7f177280
Instruction ID: ebb030b65d6aaf766c882ef0986d6d8521796e9af934d582cb072ea9e957841d
Opcode Fuzzy Hash: 91ebc6b4f1ad597eeffa1625cf8f813ef7cf394d3f58bfd4fecd1b5c7f177280
Instruction Fuzzy Hash: 1801463450D3409BC701AB18E885A1ABBE8FF5AB01F05882CE5C98B362D235DD60DBA3

Function 00873202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00873208

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 24fd016ef6f7cbf59f313e4d318db0fec858cc6ec73dfb43e8a8ef23f7bfae09
Instruction ID: 0f70730de1aacf35bff045c21a36798610da589dfc6dbc827a7c5ed958427503
Opcode Fuzzy Hash: 24fd016ef6f7cbf59f313e4d318db0fec858cc6ec73dfb43e8a8ef23f7bfae09
Instruction Fuzzy Hash: 24B012300401005FEA082B04EC0AF003610FB00605FC00050A100040F1D1615864C654

Non-executed Functions

Function 008623E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

#v, xrefs: 0086344B, 00864861
mlc@, xrefs: 0086275C
Cx, xrefs: 0086453D
f@~!, xrefs: 008625FF
|}&C, xrefs: 00862F21
%*+(, xrefs: 008640EF
fedc, xrefs: 00862782
aenQ, xrefs: 0086276A
ggxz, xrefs: 00862685
`tii, xrefs: 00862693
{l`~, xrefs: 0086268C
:, xrefs: 008632DD
3<, xrefs: 008632D6

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: e1f48ecbfc74b4e17e7f1df426b314493c7ddec81e2dcdff573b4f7ca50f4951
Instruction ID: 76b1f19f4eab2ee14f7f74d16dbf804d4070afab9e7d2b5f18606bd9782ea15d
Opcode Fuzzy Hash: e1f48ecbfc74b4e17e7f1df426b314493c7ddec81e2dcdff573b4f7ca50f4951
Instruction Fuzzy Hash: 8333BC70504B818FD7258F38C590B66BBE1FF16304F58899DE4DA8BB92C735E906CBA1

Function 0084DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

@ONM, xrefs: 0084E6DB
T, xrefs: 0084F157
QNOL, xrefs: 0084E775
`onm, xrefs: 0084E733
DCBA, xrefs: 0084E887, 0084E896
<=:;, xrefs: 0084E930
`Y^_, xrefs: 0084E99E
|, xrefs: 0084ECB1
LKJI, xrefs: 0084E6E6
D, xrefs: 0084E846
89>?, xrefs: 0084E9F6
lkji, xrefs: 0084E73E
:WUE, xrefs: 0084F6B7, 0084F6C6
WP, xrefs: 0084DCEF
89&', xrefs: 0084E93B
mjkh, xrefs: 0084E7D8
tsrq, xrefs: 0084E6FC
dcba, xrefs: 0084E728
<=2, xrefs: 0084EA01
tuJK, xrefs: 0084E967
%*+(, xrefs: 0084DE37, 0084DE46
AR, xrefs: 0084DD10
()./, xrefs: 0084E9CA
xgfe, xrefs: 0084E71D

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 01cae325cd5ece93f19e55a6331f2d589c8cc747378f76c8fad750cf9b5f626c
Instruction ID: c09c7fa7d466915ebec1797b9a89e60fa5325995725780a3d8927ab9d737c186
Opcode Fuzzy Hash: 01cae325cd5ece93f19e55a6331f2d589c8cc747378f76c8fad750cf9b5f626c
Instruction Fuzzy Hash: 16F255B05093859BD770CF18C884BABBBE2FBD5304F14882CE5C9DB252DB759984CB92

Function 00859F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

%e6g, xrefs: 0085A152
CG, xrefs: 0085AA32
kW, xrefs: 0085A380
=], xrefs: 0085A36A
WQ, xrefs: 0085A62B
JG, xrefs: 0085AA27
Gt, xrefs: 00859FF8
/), xrefs: 0085A66D
N[, xrefs: 0085A375
(a*c, xrefs: 0085A147
?m,o, xrefs: 0085A13C
WH, xrefs: 0085AA1C
_Y, xrefs: 0085A641
sm, xrefs: 0085A830
]{, xrefs: 0085A1E7, 0085A1F3
S], xrefs: 0085A636
hi, xrefs: 0085AB9D

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: f2a4deb067f952493463c1b6bd9ba19cbd08edc69478bf54a9cc5b566144942c
Instruction ID: fa6bcd284da9fe9dbb4260ffaa3ad2784f0f72e2b00b056fe7e732f5a50bbee3
Opcode Fuzzy Hash: f2a4deb067f952493463c1b6bd9ba19cbd08edc69478bf54a9cc5b566144942c
Instruction Fuzzy Hash: 2352B6B404D385CAE274CF25D581B8EBAF1BB92740F608A1DE5ED9B255DB708049CF93

Function 00859510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

2A"_, xrefs: 00859980
!E4G, xrefs: 00859836
O+f), xrefs: 00859634, 0085963D
,A&C, xrefs: 0085982E
?M0K, xrefs: 00859968
G+X5, xrefs: 00859AF3
B?Q9, xrefs: 00859B0B
8;, xrefs: 00859B13
z=Q?, xrefs: 00859826
T#a-, xrefs: 00859AE3
G'M!, xrefs: 00859ADB
X/R), xrefs: 00859AEB
L3Y=, xrefs: 00859B03
pq, xrefs: 008599E0
B7U1, xrefs: 00859AFB
;IJK, xrefs: 0085983E

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: e8de85c166343354256dff41098f7eb284ac459b991cb175f9fcd13ef5119bf7
Instruction ID: c1ae1c6d7fc042f7f977eb70c33cc83bd980b22db8246cfab09a74f4468834d8
Opcode Fuzzy Hash: e8de85c166343354256dff41098f7eb284ac459b991cb175f9fcd13ef5119bf7
Instruction Fuzzy Hash: 33F13FB0108384ABD310DF19D881A2BBBF4FB96B49F444D1CF9D59B252E334D908CB96

Function 0085DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0085E143
upH}, xrefs: 0085DE8A, 0085E798, 0085DF4A
,Q?S, xrefs: 0085E26F
hX]N, xrefs: 0085DDC7
<Y.[, xrefs: 0085E27D
{E, xrefs: 0085E323
-M2O, xrefs: 0085E25A
=]+_, xrefs: 0085E276
Y9N;, xrefs: 0085E245
n\+H, xrefs: 0085DDC0
)IgK, xrefs: 0085E261

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 545de320eef6f584e9b861f24fddbdad29e855a22e220b506cfea9ec7cd0b62b
Instruction ID: 9818797abfe64eb2476d2490045fd5148f3c6e8cea0d9223753aa21a25b9912f
Opcode Fuzzy Hash: 545de320eef6f584e9b861f24fddbdad29e855a22e220b506cfea9ec7cd0b62b
Instruction Fuzzy Hash: 99920471E00215CFDB18CF68D8416AEBBB2FF49311F298168E856EB391D735AD06CB91

Function 00A00956 Relevance: 12.9, Strings: 9, Instructions: 1680COMMON

Download Yara Rule

Strings

bM, xrefs: 00A0118D
*?, xrefs: 00A00D1D
r"p, xrefs: 00A00BEB
~X}$, xrefs: 00A00A99
g:/, xrefs: 00A0154B
'4_[, xrefs: 00A00C9C
1y4v, xrefs: 00A013BF
CGWo, xrefs: 00A01CA8
how, xrefs: 00A01554

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: '4_[$*?$1y4v$CGWo$g:/$how$r"p$~X}$$bM
API String ID: 0-4142471956
Opcode ID: 83e02760a9b0eafe2a7777741b8c49fb1794d33df2a40a140e0aace0b9148126
Instruction ID: 7646daeaccddc0a4bfd5df051ede7b532680cc45332080d65c2fb91b698d2f46
Opcode Fuzzy Hash: 83e02760a9b0eafe2a7777741b8c49fb1794d33df2a40a140e0aace0b9148126
Instruction Fuzzy Hash: 08B219F360C204AFE304AE2DEC8567AFBE9EBD4720F1A853DE6C4C7744E57598058692

Function 0085098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

qrqp, xrefs: 00851089
%*+(, xrefs: 00850A77, 00850A86
&> &, xrefs: 00850F89
{, xrefs: 00851502
cah`, xrefs: 0085107E
gce/, xrefs: 00851073
,#15, xrefs: 00850F94
9.5^, xrefs: 00850F9F

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 879bbad6963709ca52759f155daa91feabf9c8b308dd55ca2a9764156c5b5a69
Instruction ID: ed2dd6cfb66a95415cea2fb4065bc65f69468c1edc03a4d4d6b5bdb824263fca
Opcode Fuzzy Hash: 879bbad6963709ca52759f155daa91feabf9c8b308dd55ca2a9764156c5b5a69
Instruction Fuzzy Hash: 7F62BBB56083818BD730CF18D895BABB7E1FF96315F04492DE89A8B641E3759848CF53

Function 00831000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

-, xrefs: 008321ED
0123456789abcdefxp, xrefs: 00831587, 008315F8
0123456789ABCDEFXP, xrefs: 0083157D, 008315EB
gfff, xrefs: 00832297
@, xrefs: 00832C40
gfff, xrefs: 00832226
gfff, xrefs: 008322E1

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: db49b2c84fbe1b0bd4f33d068f4904c195edc1a8bb7c70fca2bfa77a6c938e5f
Instruction ID: b3f9a39141950c281ed10ca0246c171200b96f76ef5d816ebe9155b3b55b5ddf
Opcode Fuzzy Hash: db49b2c84fbe1b0bd4f33d068f4904c195edc1a8bb7c70fca2bfa77a6c938e5f
Instruction Fuzzy Hash: A0D2CE716087518FDB18CE28C89436ABBE2FBD9314F188A2DE499CB391D774D945CBC2

Function 008312F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 00831DC1
0, xrefs: 0083243E
@, xrefs: 00833531
i, xrefs: 008328EA
0, xrefs: 00831E88

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 7a3787739698ba7d5669328205ae127c9ad207b5a3824a3da617dd665a82926a
Instruction ID: bedd6a42b0be9bd4367d668fc46e442197f60c88f9f2884d07502348336a7c59
Opcode Fuzzy Hash: 7a3787739698ba7d5669328205ae127c9ad207b5a3824a3da617dd665a82926a
Instruction Fuzzy Hash: E962ED7160C3818BC718CE28C49476ABBE1FFD5718F188A6DE8D9C7291E774D949CB82

Function 0083164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

+, xrefs: 00831573
0123456789abcdefxp, xrefs: 00831659
gfff, xrefs: 00831F57
gfff, xrefs: 00831F3C
0123456789ABCDEFXP, xrefs: 0083164F

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: bb2388c340cd17e4d5e32bc9328b2a7e2f5846c950322d89684e3346e40f59c1
Instruction ID: 1cab957f49c39f0110d4c4d42aee7ca821a96865c5264d33e425ea02cca100b5
Opcode Fuzzy Hash: bb2388c340cd17e4d5e32bc9328b2a7e2f5846c950322d89684e3346e40f59c1
Instruction Fuzzy Hash: 3AF19E3160C7918FC719CE29C48426AFBE2BBD9308F188A6DE4D9C7356D734D949CB92

Function 008313A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008313AD
gfff, xrefs: 00831F57
-, xrefs: 00831F23
gfff, xrefs: 00831F3C
0123456789ABCDEFXP, xrefs: 008313A3

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 48a914e26c07764238ad3314fb53168a4a01cf3b73fc1ee801033d05aaf76f92
Instruction ID: 547e5515a55aa93ff8b9ee326cd0909280ac48fc4c0f5b934af219ca507b43c7
Opcode Fuzzy Hash: 48a914e26c07764238ad3314fb53168a4a01cf3b73fc1ee801033d05aaf76f92
Instruction Fuzzy Hash: 3AD17C3160C7818FC719CE29C48466AFBE2BBD9308F08CA6DE4D9C7356D634D949CB92

Function 0085FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 0085FEC3, 0085FECB
:, xrefs: 00860087
NA_I, xrefs: 0086036D
uvw, xrefs: 0085FE95

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: aaf28f51e5895b6e9dfcdfd14bf7b9cf7ab752e52e8845557fa366b78df7e15c
Instruction ID: b35b765a0d17a035ee4a63bd0a7e781f52e3faa2bcdb31115b0a222dfe0c380f
Opcode Fuzzy Hash: aaf28f51e5895b6e9dfcdfd14bf7b9cf7ab752e52e8845557fa366b78df7e15c
Instruction Fuzzy Hash: 4F32A4B0508380CFD715DF28D884A2BBBE5FB8A304F158A6CE5D58B2A2D735D905CF96

Function 00843BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00843EC4
;z, xrefs: 00843C87
ss, xrefs: 00843C79
p, xrefs: 00843C80

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: ca9f3c483fd50d988a410f98770d01f0d0afad827b31c6ef4358f33d2b73d437
Instruction ID: b6a54239c81c557ebff2145e63c58f96884746eecddccd437a83c1723f317209
Opcode Fuzzy Hash: ca9f3c483fd50d988a410f98770d01f0d0afad827b31c6ef4358f33d2b73d437
Instruction Fuzzy Hash: B6024BB4810B00DFD760EF28D986756BFF5FB05300F50895DE89A9B696E331E419CBA2

Function 00A02483 Relevance: 5.4, Strings: 3, Instructions: 1652COMMON

Download Yara Rule

Strings

.AW, xrefs: 00A034F8
.,q, xrefs: 00A02D9B
6om, xrefs: 00A037D6

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: .,q$.AW$6om
API String ID: 0-712848753
Opcode ID: e9af2cdcf67c2f0323ffb2ac819da3974bf65cc7714fe23bde7fedd25069ca41
Instruction ID: 6e63fa849a54ac8f279b03c1bb0e6a44b67d84486815a3d95bda84abc3c10b98
Opcode Fuzzy Hash: e9af2cdcf67c2f0323ffb2ac819da3974bf65cc7714fe23bde7fedd25069ca41
Instruction Fuzzy Hash: 21B22CF3A0C2009FE704AE2DEC8567ABBE6EFD4720F1A853DE5C4C7744E93558058696

Function 009F82FB Relevance: 5.4, Strings: 3, Instructions: 1637COMMON

Download Yara Rule

Strings

ph?f, xrefs: 009F9666
[sf, xrefs: 009F8C67
lu~W, xrefs: 009F8CB7

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: [sf$lu~W$ph?f
API String ID: 0-59500182
Opcode ID: 8789e2ddc80a76e67818a300d2f930990b57103f12bbde41f9e24a8f343d3719
Instruction ID: 9ba1efd6d1308ffc289feca3ecc150263b0fb5b924a4add05720c44ab9afad50
Opcode Fuzzy Hash: 8789e2ddc80a76e67818a300d2f930990b57103f12bbde41f9e24a8f343d3719
Instruction Fuzzy Hash: 29B217F360C2049FE3046E2DEC8567ABBE9EF94320F1A853DEAC5C7744EA3558058697

Function 00852260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 0085232F
sj, xrefs: 00852327
a|, xrefs: 00852317
lc, xrefs: 00852507

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 8fa79acb20f3555e42fa9380d95928463f38da47c7f173f90136feb3a1822ffb
Instruction ID: a3f1af2634df99629811c4f2ef546a1cc1e58075123808104b064548b8919894
Opcode Fuzzy Hash: 8fa79acb20f3555e42fa9380d95928463f38da47c7f173f90136feb3a1822ffb
Instruction Fuzzy Hash: 39A19C744083418BC720DF18C891A2BB7F0FFA6355F589A0CE8D59B3A1E739D949CB96

Function 00A05B3E Relevance: 5.3, Strings: 3, Instructions: 1541COMMON

Download Yara Rule

Strings

u?, xrefs: 00A06A49
1+I{, xrefs: 00A06142
"[I0, xrefs: 00A061E7

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: "[I0$1+I{$u?
API String ID: 0-136794253
Opcode ID: 1f600cb4a120b36923f20db219450f59a4dc52d8e5dd95941880d27dbe7544b6
Instruction ID: a7b409f68f3077f1f4bd49ef52f882d6eacbd25d6fd38b41a9f68519068ecc8c
Opcode Fuzzy Hash: 1f600cb4a120b36923f20db219450f59a4dc52d8e5dd95941880d27dbe7544b6
Instruction Fuzzy Hash: 1EA227F3A082049FE3046E2DEC8577ABBE5EF94320F1A4A3DE6C5C7744E63598018697

Function 0085D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

#', xrefs: 0085D9EA
T>, xrefs: 0085D984
KV, xrefs: 0085D97D
CV, xrefs: 0085D98B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 0f302d7ba15ad382e235e819229cc2902c686bbecc94947a20ffe754fca8a748
Instruction ID: 37c34fbc896c0008b9a5b7b6bd52133be426ee3617651a81a0424358f331f218
Opcode Fuzzy Hash: 0f302d7ba15ad382e235e819229cc2902c686bbecc94947a20ffe754fca8a748
Instruction Fuzzy Hash: 758145B48017459BCB20DF95D28515EBFB1FF12301F605A0CE886ABA55D330AA55CFE2

Function 0085AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

,{*y, xrefs: 0085AD07, 0085AD13
4c2a, xrefs: 0085ACA9
lk, xrefs: 0085ACBC
(g6e, xrefs: 0085ACA1

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: dccb822672a9c770f35dc602cb9480ad426a0e753d50ebd45193ec6d9680bd58
Instruction ID: 011b44cc134de4a08a83f3ca120e6edcf835240e58b20028d5ccb5dc3cca4cfc
Opcode Fuzzy Hash: dccb822672a9c770f35dc602cb9480ad426a0e753d50ebd45193ec6d9680bd58
Instruction Fuzzy Hash: FE4185B4408381CADB209F24D844BABB7F4FF86306F54995DE9C897220EB31D949CB96

Function 0085C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0085C9E4, 0085C9ED
~/i!, xrefs: 0085C537
%*+(, xrefs: 0085C8C3, 0085C8CB

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: d1daff7e5bcd2854f34106b4041a0d210e5c333a900a5b3709b126bb2fa0ff43
Instruction ID: b5896d5ebeda41263f2924c2f7e72d6bc910dacc4d185213f14ce5daf5fe1a95
Opcode Fuzzy Hash: d1daff7e5bcd2854f34106b4041a0d210e5c333a900a5b3709b126bb2fa0ff43
Instruction Fuzzy Hash: 93E185B5508344DFE720DF28D885B2ABBE9FB95345F48882CE5C98B251EB31D815CF92

Function 00838590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00838616
IEND, xrefs: 008389F0
), xrefs: 0083860C

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: b6b80ff81488f9515c0e45a3c1f8fa4e5ab07514a42ad6f4728ac96215da7500
Instruction ID: 29d2955c39876fb4cfab3e643493506bcc37ed5d81c1fc9f6e084c6ffc893d23
Opcode Fuzzy Hash: b6b80ff81488f9515c0e45a3c1f8fa4e5ab07514a42ad6f4728ac96215da7500
Instruction Fuzzy Hash: 59E169B1A087059FE310CF29C88572ABBE0FB94314F144929F999D7391EB75E915CBC2

Function 009FD4AE Relevance: 4.0, Strings: 2, Instructions: 1543COMMON

Download Yara Rule

Strings

N.s, xrefs: 009FDA3F
BE^{, xrefs: 009FDD7D

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: BE^{$N.s
API String ID: 0-2125608386
Opcode ID: 9c8d9384dbaac38a36473c2189d90e5c58c708a8500bab25df90a1a529218eef
Instruction ID: 92a49b0cfb76e142633d0a10dda9e10436b8f7c55c4534ddee0c72ca91ecfea7
Opcode Fuzzy Hash: 9c8d9384dbaac38a36473c2189d90e5c58c708a8500bab25df90a1a529218eef
Instruction Fuzzy Hash: CEB2E5F360C204AFE304AE2DEC8567AFBE9EF94720F16493DEAC487744E63558058697

Function 00A07E0E Relevance: 3.3, Strings: 2, Instructions: 817COMMON

Download Yara Rule

Strings

~]u, xrefs: 00A08693
gq8, xrefs: 00A0871A

Memory Dump Source

Source File: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: ~]u$gq8
API String ID: 0-2311635561
Opcode ID: fae39f869c0428676152d82c91d57c3dfa212828990ae1d1fba627b610655dbf
Instruction ID: 6504fb8751721be38a0029bf82f86464f5fcc67fb0c31e587b1dec09f66c7de6
Opcode Fuzzy Hash: fae39f869c0428676152d82c91d57c3dfa212828990ae1d1fba627b610655dbf
Instruction Fuzzy Hash: 0142D4F250C2049FE3046F29EC8567AFBE5EF94720F16893DEAC883744EA3558548B97

Function 00874040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 0087420C
%*+(, xrefs: 008740A4, 008740AD

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 823659124295761ffb69441ba41ec4122f7cb65d562a04ceffb94030a501c3a3
Instruction ID: 19f4997cbdb73c7a79ccf450c6395137719127fd8542a883b0373c963c19fe63
Opcode Fuzzy Hash: 823659124295761ffb69441ba41ec4122f7cb65d562a04ceffb94030a501c3a3
Instruction Fuzzy Hash: 531299716083419FC714DF18C880B2ABBE6FB89318F58CA2CF499DB295D735E945CB92

Function 0086F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 0086F6E6
dg, xrefs: 0086F7F5

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: cc42bcbabb4e1c86ea5969b374bcf81689d59435562fdee150073732b8361347
Instruction ID: a70a2d02e073051629da6eb1852b588fab90af7365cd71ef288802014bb5fe6d
Opcode Fuzzy Hash: cc42bcbabb4e1c86ea5969b374bcf81689d59435562fdee150073732b8361347
Instruction Fuzzy Hash: 22F18471618341EFE714DF28D891B2ABBE6FF85344F15992CF6858B2A2C734D845CB12

Function 008335B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 00833607
NaN, xrefs: 0083360E

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: fb656dff7b375fb333b3401e5efae5957298bfd4fa0669b29ae879e398ef42ef
Instruction ID: 12f86ba81f48b2241c4602a29d5e273262c8b62af5e21d18161939e82877ab12
Opcode Fuzzy Hash: fb656dff7b375fb333b3401e5efae5957298bfd4fa0669b29ae879e398ef42ef
Instruction Fuzzy Hash: FED1D1B1A087119BC704CF69C88061ABBE1FBC8750F258A3DF999D73A0E675DD058BC2

Function 0084FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 008500F6
BaBc, xrefs: 00850197

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 5af52445e9d3b6c2f60cb1bc1e9b0c3cbbb546275e1c71c559f9b2012783de21
Instruction ID: b686ad76e4b2a9ac0eb63e7575a77ca2532159172a2815f8a885ce923a3d9256
Opcode Fuzzy Hash: 5af52445e9d3b6c2f60cb1bc1e9b0c3cbbb546275e1c71c559f9b2012783de21
Instruction Fuzzy Hash: F851BBB16083858BC331CF18C881BABB7E0FF96351F08491DE89ACB691E3749948CB57

Function 009760A1 Relevance: 2.6, Strings: 2, Instructions: 148COMMON

Download Yara Rule

Strings

SuW, xrefs: 009761CE
:,U}, xrefs: 0097621C

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: :,U}$SuW
API String ID: 0-2668836314
Opcode ID: 2d87b225d62c5763e47614ea55ab5f375d5f4bdd9d8bc797d7a8aa84f09c143e
Instruction ID: ae4cab0dd588c2f9fd8ccb784dafe46c9033121b3d9b8d1ffb27e76d866118c2
Opcode Fuzzy Hash: 2d87b225d62c5763e47614ea55ab5f375d5f4bdd9d8bc797d7a8aa84f09c143e
Instruction Fuzzy Hash: 8E4134F3E092109BE3042E29DC8576ABBD9EF94724F26453EDAC557340D9791C0587C7

Function 00835160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 008354C8

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 6e081a2260bd316014c0437c79a2d50808aa613c65ebf0a08f2b9536601869e8
Instruction ID: 32c2953676a4a9d15a6ed7c74734e77e2feea36679697f0a28b9ec91e8e782f8
Opcode Fuzzy Hash: 6e081a2260bd316014c0437c79a2d50808aa613c65ebf0a08f2b9536601869e8
Instruction Fuzzy Hash: F222C0B6A08B468BE7258E18D940327BBA2FFE1318F19856DD899CB351E771DC05C7C2

Function 008612D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 008615D1

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 4630355093229ed0ed3ccf4caa8ae9d517091bb8e0f908e2f1d3e4dc4815586c
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 1FF12571A083454BCB24CE28C49962BBBE6FBD1354F1EC56DE89AC7383DA34DD058792

Function 0085AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0085B2D3, 0085B2DB

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 353c4919b2085a80c6aa8fda7988e6eb4486746a99d0300258df670523b72519
Instruction ID: 3ee601895b33b291d6416272b9ec111ad43f5d302598bca2f508c86e553bca17
Opcode Fuzzy Hash: 353c4919b2085a80c6aa8fda7988e6eb4486746a99d0300258df670523b72519
Instruction Fuzzy Hash: 33E1B975508706CBC724DF28C89056FB7E2FFA8792F548A1CE8C587260E731E959CB92

Function 00846EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00846EF3

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b020ca9083a1bdc45f769a7bc208b368cc19fd0486d7537629432874f1de2394
Instruction ID: 42f16873f67013bd01ceb2061c7a647c73a618abd807587a8300a4ce9d8e8f0d
Opcode Fuzzy Hash: b020ca9083a1bdc45f769a7bc208b368cc19fd0486d7537629432874f1de2394
Instruction Fuzzy Hash: AAF18FB5A00609CFD7259F28D881A26B3F2FF89314B14892DD597C7692FB31F865CB42

Function 00857E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00858263, 0085826B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5b90b73f740503fd2b782decb5fe95d07873fda90967d3f0afef7f78ea1bc722
Instruction ID: 1d3b53705de77721fd386032f83dd26a716736a39be7bf1c6b342b015bb413d0
Opcode Fuzzy Hash: 5b90b73f740503fd2b782decb5fe95d07873fda90967d3f0afef7f78ea1bc722
Instruction Fuzzy Hash: 53C19BB1508200EBD710AB18D882A2BB7F5FF95756F088819F8C5E7251E734EC09DBA3

Function 00858D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00859233, 0085923B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8e903332017e5b5fbf024ac3d8ae005bb0d294a9876812f10c261c3bf93a104f
Instruction ID: ba616f6f5c4bb0e7d61d662465203836c7d09f07d0bfd21c676f49c032589902
Opcode Fuzzy Hash: 8e903332017e5b5fbf024ac3d8ae005bb0d294a9876812f10c261c3bf93a104f
Instruction Fuzzy Hash: 14D1BB70618302DFD744DF68D890A2AB7E6FF88315F49896CE886C7291D734E958CF52

Function 00877FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00878167

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 3f77df25a5e343e1227c99c8c8269245ceb99dfb6e1ea6c73efdb14f006bdc04
Instruction ID: a1de12d1e70765d07445490176c6c5d13b9d66c9b915f84605fdc08b2f29c23a
Opcode Fuzzy Hash: 3f77df25a5e343e1227c99c8c8269245ceb99dfb6e1ea6c73efdb14f006bdc04
Instruction Fuzzy Hash: CED1E3329483658FC725CE18989471EB6E1FB85718F19C62CE9B9AB388CB71DC46C7C1

Function 0085CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0085CDC3, 0085CDCB

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: b769f70945ab8d97033364d7e863df191a72b73ac85aab9e1d3d866442b89fc1
Instruction ID: ab4670507343e2e17cec3742b99c3939e6e354ef4dc4b4009c6f2dfb91aecb0d
Opcode Fuzzy Hash: b769f70945ab8d97033364d7e863df191a72b73ac85aab9e1d3d866442b89fc1
Instruction Fuzzy Hash: 67B1DD706083058FDB14EF18D881A2BBBE2FF85346F14492CE9C5DB291E735E859CB92

Function 0083A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 0083A9C3

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 997e9e4493884cb2a2a6e3e9e828ef3ca5f0f9a77238f4b0ff077610bfdda259
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: DCB106712083859FD325CF18C88061BFBE1AFA9704F448E2DE5D997742D671EA18CBA7

Function 0086FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0086FCA4, 0086FCAD

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 966fac07abc2284287b07e5e55a0bc0b23839bf26c692fb02d8063b69e69947d
Instruction ID: 1b2148672eceb485e2cd3990c30a349f34998802a6a9010c5e6045c8ee0d6fa0
Opcode Fuzzy Hash: 966fac07abc2284287b07e5e55a0bc0b23839bf26c692fb02d8063b69e69947d
Instruction Fuzzy Hash: 7A81CC70118304EBD710EF68E885B2AB7E5FB99745F05882CF689D7292DB31E814CB63

Function 0084D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0084D663, 0084D66B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c1bbefb756d21d3da10066a25614401bef827046e5667c78e0b50a42077d7bb1
Instruction ID: 9722744601b0379851a76257268d7462bf24fd1c2914f476467f2a5ba2ca164f
Opcode Fuzzy Hash: c1bbefb756d21d3da10066a25614401bef827046e5667c78e0b50a42077d7bb1
Instruction Fuzzy Hash: F161D1B6908318DBD710EF18DC42A2AB3B4FF95354F09492CF985DB252E731D915CB92

Function 00874A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00874C33, 00874C3B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 72ce7a4b3316a15657dc02ed57e18dde1b59e1a98f1bf6b78e6113a734dd2a78
Instruction ID: 5c015e816b637575a51e05fbd716a887c6ce4ada8b7c4c2284344c3e085380c1
Opcode Fuzzy Hash: 72ce7a4b3316a15657dc02ed57e18dde1b59e1a98f1bf6b78e6113a734dd2a78
Instruction Fuzzy Hash: C661CD716083059BD711DF69C880B2AB7E6FBC4324F28D91CE599C72A9D771EC50CB92

Function 008E5CFF Relevance: 1.4, Strings: 1, Instructions: 194COMMON

Download Yara Rule

Strings

$[, xrefs: 008E5F14

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: $[
API String ID: 0-2520182344
Opcode ID: 61ba6cee6ec69ac540055bb2248ed40e47967d761584e6ebeab189c3b2c0fe10
Instruction ID: 87e9eca8bde63f1d61be2c61c9cdaaa29c425c9242bce7da018fa47e505bd6c1
Opcode Fuzzy Hash: 61ba6cee6ec69ac540055bb2248ed40e47967d761584e6ebeab189c3b2c0fe10
Instruction Fuzzy Hash: B25115F3E083145BE3146E3DEC8673AFAD5EB90720F1A463DEA8987780F97949058186

Function 0083E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0083E333

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 66b468e35e1d724b005968ee5a6ef7591ba5b9db31301e0113fb577cdce05db5
Instruction ID: b2dc99f0283128c62290a282c0c1558b6fc6cddf810a687e611b7aa7313ea9bf
Opcode Fuzzy Hash: 66b468e35e1d724b005968ee5a6ef7591ba5b9db31301e0113fb577cdce05db5
Instruction Fuzzy Hash: C4511523A196948BD328893C8C552AA7A876FE2338F2D8769E9F5CB3E5D555880483D0

Function 00873920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008739E3, 008739EB

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: fd907a4dd05851ada5be5b27f1740ee79a4911dd0d1f32b837c8f53aaab8a3d5
Instruction ID: 11bedfbe8fbfe37877228193a0e56744d040a04842a95c7e329af19f846db4f4
Opcode Fuzzy Hash: fd907a4dd05851ada5be5b27f1740ee79a4911dd0d1f32b837c8f53aaab8a3d5
Instruction Fuzzy Hash: 69519E306096109BCB24DF19D881A2AFBE5FB86748F18C82CE4CAC7255D372DD10EB63

Function 00841BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00841C3E

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: e8e1235453f3cd33cfb506fbb8ee3b0ddb438665f6c35ee919ed6615019b1d1c
Instruction ID: ba86fc6af96d1f273621db5716bc7234c37cf2e3647ba554e1d307bd4c7ad110
Opcode Fuzzy Hash: e8e1235453f3cd33cfb506fbb8ee3b0ddb438665f6c35ee919ed6615019b1d1c
Instruction Fuzzy Hash: 0C414FB44083889BCB149F28D898A2FBBF0FF86714F04991CF5C59B291D73ACA45CB56

Function 0086FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00870033, 0087003B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f59ab20030513e458ab9d9cc997705d70ed6d9f38dd425a8c2db9128bd3cadf0
Instruction ID: 23da11ae0868a01e07d27849c952596468d9a8f243c237903ca23ef7cc734e60
Opcode Fuzzy Hash: f59ab20030513e458ab9d9cc997705d70ed6d9f38dd425a8c2db9128bd3cadf0
Instruction Fuzzy Hash: 963103B5908305EBD610EA58DC81F2BB7E8FB81758F148828F889D7256E731DC10CBA3

Function 0085E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 0085E6A2

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: f92b21e1b81036ae7688dfb7347ea6fba8bbc050aebccc7021a20669fc79b899
Instruction ID: 87fca80ee6ad3e925f8411d843e127d966c731b2a09a6dc9a681ff30eb4c2628
Opcode Fuzzy Hash: f92b21e1b81036ae7688dfb7347ea6fba8bbc050aebccc7021a20669fc79b899
Instruction Fuzzy Hash: 4331E4B5900204CFCB20CF98EC845AFFBB9FB5A745F540468E846E7301D735AA09CBA2

Function 00846F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0084703B

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 672f8545e47b2430e4fe103d40b99027d2891293ec30804835b0092eba3b191c
Instruction ID: 65f62cad8984a77f5a7b353079eea812b6018fc8de87491a75cb4a44f0eb8289
Opcode Fuzzy Hash: 672f8545e47b2430e4fe103d40b99027d2891293ec30804835b0092eba3b191c
Instruction Fuzzy Hash: 70414475206B08DBD7348B65D994B26BBF2FB49705F148818E68A9BAA1E331F8108B10

Function 0085E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 0085E6A2

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: a02b7a37adebe80a960ea4e63239921e67d0e1354ebfb802bd769a1339959ee5
Instruction ID: 710cbf0e3dfdc9b86dbe0be0a1f45d5f6836de22268241f7aafc29519396d0bc
Opcode Fuzzy Hash: a02b7a37adebe80a960ea4e63239921e67d0e1354ebfb802bd769a1339959ee5
Instruction Fuzzy Hash: 4B21BFB5900204CFCB24CF98DD8456FBBB9FB5A745F540858E846EB301C335AA05CBA2

Function 00879CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00879D30

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 7dc4793604440f2bdfe9bb1907d00c686033ffe181df2e291670d33bc1f18c72
Instruction ID: 7c25f7aecff3166cbeb06358d33acafb26ec87f1ea623471f29440e007898d5a
Opcode Fuzzy Hash: 7dc4793604440f2bdfe9bb1907d00c686033ffe181df2e291670d33bc1f18c72
Instruction Fuzzy Hash: 393158705093009BD324EF19D880A2AFBF9FF9A354F14C92CE5C997255D375D904CBA6

Function 00844E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eff8487ec3963292824edb481c4dfdd1133764d4a2bd7c3fa141a6745aeabc9a
Instruction ID: 5389299c2683252a0b33126eac8ad0f0ef2522416d478e577c46b325d81a29dc
Opcode Fuzzy Hash: eff8487ec3963292824edb481c4dfdd1133764d4a2bd7c3fa141a6745aeabc9a
Instruction Fuzzy Hash: ED6246B4500B048FD725CF28D980B2AB7E5FF56704F54892DD49ACBA52E774F848CB91

Function 0083BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: c5498a8937cf5577327fbee4ba91eac881f92fde734a3541805d356cfce28ac4
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 4652E7329087158BC7259F1CD8402BAB3E1FFD5319F298A2DD9C6E7290E735A851CBC6

Function 00878652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e4ab128ddc231c86b8ff2a3ae67c150b9bdb5224a9c193a3b8edc745afa1631
Instruction ID: d644cd2e8251ff4f370d5abf42ef3ba4ab427d93f50f8be8985e87f91e853564
Opcode Fuzzy Hash: 7e4ab128ddc231c86b8ff2a3ae67c150b9bdb5224a9c193a3b8edc745afa1631
Instruction Fuzzy Hash: 0C22983A618342DFC704DF6CE89062ABBE1FB8A315F09896DE589C7361D735E950CB42

Function 008786F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a57be06e31f04ac0f85ae9cf3e9bfa4e911e93ea5692e4cf5a671bcf764e42
Instruction ID: 2cee5f6a8d4770651e744e9bffc31d855bcd7a560673f8cab953c0908c1afdb8
Opcode Fuzzy Hash: b5a57be06e31f04ac0f85ae9cf3e9bfa4e911e93ea5692e4cf5a671bcf764e42
Instruction Fuzzy Hash: 1D228836618342DFC704DF6CE890A2ABBF1FB8A315F19896DE58987361D735E850CB42

Function 0083B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 090a1bd11e5e7210e1e0ae7b7490d8ac22405ab53652e4b5f5895daa17c53755
Instruction ID: 79e3818cd0cfa50e6372671002a29e4b421484406755f0b35fc86aab63f3125d
Opcode Fuzzy Hash: 090a1bd11e5e7210e1e0ae7b7490d8ac22405ab53652e4b5f5895daa17c53755
Instruction Fuzzy Hash: 715282F0908B888FE735CB24C4847A7BBE2FFD1314F14492DC6D686A82D779A985C791

Function 008371F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c3344a16b2b9834d31171b00b04e7f55ded3b4098a275dea222d6d0da20f62c
Instruction ID: 6933d0c54a498a47b47cb72f56e98664b54109e3deb54698b68ed7154edaa247
Opcode Fuzzy Hash: 7c3344a16b2b9834d31171b00b04e7f55ded3b4098a275dea222d6d0da20f62c
Instruction Fuzzy Hash: A85290B150C3498FCB25CF29C0906AABBE1FFC8318F198A6DE89997351D774D949CB81

Function 00838FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3486b3b8a9733b081ff0d711ed8b227af830d617a37ca69863f6560c146c26
Instruction ID: a6f0416ed1d7657797d9b819f8f26a0d373afd1d023c296e096b6bb051f7d24e
Opcode Fuzzy Hash: 6c3486b3b8a9733b081ff0d711ed8b227af830d617a37ca69863f6560c146c26
Instruction Fuzzy Hash: A7425375608301DFD718CF28D85476ABBE1FB88315F0988ACE8998B3A1D775D985CF82

Function 00837BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf7294fc9b10a30fc16f8b952bbbe25e25e5aeaecdb48808fc37fc3e1672120
Instruction ID: f4a96aa4d272f7be861fc265eed10d513194512f11cbe2b006bfc340b6b1d0f2
Opcode Fuzzy Hash: aaf7294fc9b10a30fc16f8b952bbbe25e25e5aeaecdb48808fc37fc3e1672120
Instruction Fuzzy Hash: AF3201B0515B158FC378CE29C59052ABBF1FF85710B604A2EE6A787B90DB36F845CB90

Function 008789A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8913463900f2a1f40480525e726d3526b13e98688e25c2b2a343a743b9ee8376
Instruction ID: 3ee80afa2eb4f57ff94a960596ef0a62bb30af980ea3fc5d7e9060980b97048f
Opcode Fuzzy Hash: 8913463900f2a1f40480525e726d3526b13e98688e25c2b2a343a743b9ee8376
Instruction Fuzzy Hash: CB02873560C242DFC704DF6CE880A1ABBE1FB8A315F09896DE5D987361D736D854CB92

Function 00878A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5c338ee5ee00aaa22eefce8da8d6983c85ff8249ec852abfd2847e24756e9b
Instruction ID: bd7bf912bba39ecb87561871cfa071e31637392e3b1af8046a9e7aa476828f34
Opcode Fuzzy Hash: af5c338ee5ee00aaa22eefce8da8d6983c85ff8249ec852abfd2847e24756e9b
Instruction Fuzzy Hash: 91F1553560C241DFC705EF6CE880A1ABBE1FB8A315F09896DE4D9C7262D736D914CB92

Function 00878C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7dcd5265033f5f1989ff28ca5d943eb081d8c5a6c2395454b15b693bd8c7ef4
Instruction ID: 4912edffd4354cb92e0e5be2e1e24d37320e9564f73de6d0f96e9fab3b91e527
Opcode Fuzzy Hash: d7dcd5265033f5f1989ff28ca5d943eb081d8c5a6c2395454b15b693bd8c7ef4
Instruction Fuzzy Hash: D7E16836618241CFC704DF2CE88062ABBE5FB8A315F09896DE5D987361D736E914CB92

Function 0083A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 9f1218a524c693dc7fce264f45551c808d0e22275536b29abb11d94ba96730f5
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 16F19A766087458FC728CF29C88166ABBE6FFD8300F08882DE4D5C7751E639E945CB92

Function 00878E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2ae211b7cd698f9ae63d38c26b47287692f8cc197c20cda93fe9547dd580521
Instruction ID: 623321ebdd90b3058188f95075bffd477f03853cc354703f235a62872b7bdf06
Opcode Fuzzy Hash: b2ae211b7cd698f9ae63d38c26b47287692f8cc197c20cda93fe9547dd580521
Instruction Fuzzy Hash: A0D1783561C281DFD705EF28D880A2ABBF5FB8A315F09896DE4D987252D736D810CB92

Function 00844487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3733950d695fe5e31c5ec44443cfbb78b769eab17129f82b8453394f914426ae
Instruction ID: c7b49307c8f71046911048b7d1b03e241d6d26d8eb163282d28edf3afdfaff76
Opcode Fuzzy Hash: 3733950d695fe5e31c5ec44443cfbb78b769eab17129f82b8453394f914426ae
Instruction Fuzzy Hash: 34E10FB5601B008FD321CF28D996B97BBE1FF06704F04886CE4AACB762E775B8148B54

Function 00876CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f476750466dac067d0ce751d58508b2ec2dde5744cad07b5c11ec6719fea11c1
Instruction ID: d31658e706696811f2a1202241dd21317f470479f46c866bb6f15da361c78f21
Opcode Fuzzy Hash: f476750466dac067d0ce751d58508b2ec2dde5744cad07b5c11ec6719fea11c1
Instruction Fuzzy Hash: 4AD1BB36618755CFC714CF2CE88052ABBE2FB89314F098A6CE895D73A1D735DA44CB91

Function 00877AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4968e17da54b21faea8ac8ed1c95688a5747a590e6553eabd63c88ee314130d
Instruction ID: b9d53f37591adcb6bbfdc3391eff11a5380bda3f496b6a8d85bc5cace7e758fe
Opcode Fuzzy Hash: b4968e17da54b21faea8ac8ed1c95688a5747a590e6553eabd63c88ee314130d
Instruction Fuzzy Hash: BDB1F4B2A083504BE324DA68CC4576BB7E5FBC9314F08892DE99DD7396E635DC04C792

Function 0083AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: dedd4160be3251b1ae3d5362ee811ac6cee5c908dd21cf1ef1293314f109a47b
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 73C15CB2A087458FC360CF68DC967ABB7E1FF85318F08492DD2D9C6242E778A155CB46

Function 00846536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54058d2782e8456ebd853abb3969cb4fea73d6d25f9151172d1c6292f9c76a9
Instruction ID: 2ed26a0e789f32eaff6b648344b8241363ce950dbd77a6173bf2fce554cc4121
Opcode Fuzzy Hash: e54058d2782e8456ebd853abb3969cb4fea73d6d25f9151172d1c6292f9c76a9
Instruction Fuzzy Hash: 2DB110B4600B448BD3218F28C981B27BBF1FF46704F14885CE8AA8BB52E735F815CB56

Function 00877710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 35ea900e8b57b120dc331af3198f4bea4e2e1e65a991799275bc8f1f9bdc3d98
Instruction ID: c3770ffdcc3facdd76828e6f7c3cdd775cd25f99a2a4501c1eb64091f9bf4daa
Opcode Fuzzy Hash: 35ea900e8b57b120dc331af3198f4bea4e2e1e65a991799275bc8f1f9bdc3d98
Instruction Fuzzy Hash: DA916971609301ABE720DA28D880B6BBBE5FB85354F548828F999D7356E730E950CB92

Function 0087A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c8789d03262a2cf82f3b4bc04293cc4312106347ccb337765ab60f2f8e5430
Instruction ID: da3313e9c93f8e80cdfe2d0766a760997351eaf046b58ae66de15317d19baac2
Opcode Fuzzy Hash: 20c8789d03262a2cf82f3b4bc04293cc4312106347ccb337765ab60f2f8e5430
Instruction Fuzzy Hash: 5F816C342087058BD728DF28D880A2EB7E5FF89754F55C92CE58AC7256E731E8508B93

Function 008664F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cda9a6b09980f66e0f879808862c3ad3f14234dc1b1a79955473acc40a802ec
Instruction ID: 264f4943c06224a94554892a529d59ac263b403f4c2bf8df3fa8ca897b68f569
Opcode Fuzzy Hash: 1cda9a6b09980f66e0f879808862c3ad3f14234dc1b1a79955473acc40a802ec
Instruction Fuzzy Hash: 3171E833B19AD047C3148D7C9C86395AA53ABE6338F3EC379A9B5CB3E9E5258C154341

Function 008528E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe8eba5bd8c8742cee53613e58703c54b9dc3713d7af07a33825506ea0a70dd
Instruction ID: 44f8389278b1b4c2b05badbb2a8b6feb49af73cfc6c6930faeffe5b19ba4fe9c
Opcode Fuzzy Hash: 9fe8eba5bd8c8742cee53613e58703c54b9dc3713d7af07a33825506ea0a70dd
Instruction Fuzzy Hash: 996186B44083508BD310EF18D841A2ABBF0FFA6756F18491CF8C59B261E739D918CBA7

Function 00857C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d0038bc2880fd1a59899784458747f4505050224777dea8b98de27cef0efae
Instruction ID: 65da1adeb77655397fc8a6437a9c4ca0b8737966fb3c0ba3ed8067c3de253a40
Opcode Fuzzy Hash: d5d0038bc2880fd1a59899784458747f4505050224777dea8b98de27cef0efae
Instruction Fuzzy Hash: D451BDB1608205ABDB209B24DC82B7733B4FF85769F148958F985CB291F375EC09C762

Function 0096BDBD Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddabc42804772eeae577984ad47bec32ba4afa37f86beec69eaeac44197836f8
Instruction ID: 73ed19e6e31ec91fa43a6de4bd78e2f7545b8df83ed4a9e8477ae783dae8f6d1
Opcode Fuzzy Hash: ddabc42804772eeae577984ad47bec32ba4afa37f86beec69eaeac44197836f8
Instruction Fuzzy Hash: 836125F3E042145BF7045E38EC5577ABAD5DB94320F2B063CEED9977C0E93A58098686

Function 00861860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 9349aa2f68d6870fb6376c0fa6724dca105b2858b114ca423f996fb47750afdf
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 7061DC31609325ABDB14CE68C58832EBBE2FBC5351F6EC92DE489CB252D670DC819741

Function 008682D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63833ca15f88b79908a718b3cc226155817f4d86ffd800f127705b866435e601
Instruction ID: bb6a35582cfc7b554befa20a32c3a10cebcd74aba50bc58de80dc54a1c243971
Opcode Fuzzy Hash: 63833ca15f88b79908a718b3cc226155817f4d86ffd800f127705b866435e601
Instruction Fuzzy Hash: 7C614A23A5AA90CBC314453D5C5A3A66A83BBD6338F3FC36998F9CB3E4CD6988414341

Function 008442FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d93c6bf2c1afddc10f7542029ea2762c4b34feaedfe9a3837af6ef49b3df778
Instruction ID: a83dc173eb636817fb80fc823d03030557dc584b5e6a981e72be37ed1b41f817
Opcode Fuzzy Hash: 9d93c6bf2c1afddc10f7542029ea2762c4b34feaedfe9a3837af6ef49b3df778
Instruction Fuzzy Hash: 7A81BDB4810B00AFD360EF39D947757BEF4FB06201F504A1DE4EA96695E730A4598BE3

Function 008C3CE2 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 277c1e01a3b96b898ffbf554ec83fead76413c3e03e9a7935392ab6546b750fb
Instruction ID: c237e74c19a047d31718fa82da9010886bbf2a6c084a9643e633a9bb6d57f6d4
Opcode Fuzzy Hash: 277c1e01a3b96b898ffbf554ec83fead76413c3e03e9a7935392ab6546b750fb
Instruction Fuzzy Hash: 4E51F4F360C2009FE308AE29DC9577ABBE6EF94310F16453DE6C687784EA3558458647

Function 0086E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 8f437d4cf52040162ced84bd2649b2d373d9dd822f81706766850e86ece8ecde
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: A4517CB56083548FE314DF69D89435BBBE1FB85318F054E2DE4E983350E379DA088B82

Function 00877520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4db97df31f7dabae67e96dab0b003c2315a5e7ba221be18b431793d60889a54
Instruction ID: 5c8963ca9d9d34466802753d18ddc9509984f83bf6b18c5f17106f79e09407c8
Opcode Fuzzy Hash: c4db97df31f7dabae67e96dab0b003c2315a5e7ba221be18b431793d60889a54
Instruction Fuzzy Hash: 4151C53160C2109BC715AA1CDC90B2EB7E6FB95758F28CA2CE5A997395D731EC10C752

Function 00835A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a8a6ecbfc004274e90a9f7e1e104534bbf3ac4feabfbdc6b7e5fbe5c13bd319
Instruction ID: fdfe0e9fa75b9c0664c1a9e0231bf2a1ff67cc7d536d05adc9d7c9951eca46c6
Opcode Fuzzy Hash: 7a8a6ecbfc004274e90a9f7e1e104534bbf3ac4feabfbdc6b7e5fbe5c13bd319
Instruction Fuzzy Hash: 53518DB5A047149FC7149F18C89092AB7A1FFC9328F15466CE899DB352D731EC42CBD2

Function 0097E7F7 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10fc521e143d72467d3a312bce09493bb6c2cff8ca6d6ac12cc435faf7b0af81
Instruction ID: e71158d6c1a54c798840e0ec58312f255aa6dfdac4f6e6fc5af3cce76de1956f
Opcode Fuzzy Hash: 10fc521e143d72467d3a312bce09493bb6c2cff8ca6d6ac12cc435faf7b0af81
Instruction Fuzzy Hash: 4C4156B3E082145BE3186D3CDC9977BB699EF54320F1A463D9ECAD3780E9395D0842D2

Function 0085EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e61f06a7423722a5c381afd1be9bf4659effa7e84fe824adb899e5d57805f5
Instruction ID: 1cbba285a2b5b221b19896d6fe11355bafb63fc26f64c010e4496f09f4cdc27f
Opcode Fuzzy Hash: 68e61f06a7423722a5c381afd1be9bf4659effa7e84fe824adb899e5d57805f5
Instruction Fuzzy Hash: DB41CF74900329DBDF24CF58DC91BADB7B1FF0A301F444548E945AB3A0EB38AA55CB91

Function 00879B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2881ecc1a38b5cb03d2c5d6d5b0b8b029cffad48b390fa6b23655c0dbab2b6d5
Instruction ID: 24446cde4a0f463c94385aa1a4d31fea23f5af87f518a5e82b541999f1effffe
Opcode Fuzzy Hash: 2881ecc1a38b5cb03d2c5d6d5b0b8b029cffad48b390fa6b23655c0dbab2b6d5
Instruction Fuzzy Hash: 36417B74208300ABDB15EB19D990B2ABBE6FBC5724F54C82CF5CAD7255D335E800CB66

Function 00842030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25cbf67aeecc27dc132f6445d94f10ee2bb207cdfc8ff2b651f09d313be473c9
Instruction ID: d5c5eb0a1e0a99af60ce0f20aabc7861903d6b066d7839921a987a3667da9ecc
Opcode Fuzzy Hash: 25cbf67aeecc27dc132f6445d94f10ee2bb207cdfc8ff2b651f09d313be473c9
Instruction Fuzzy Hash: D841E772A0C3694FD35CCE29849023ABBE2BBD5300F49866EF4D6873D4DA748945DB81

Function 00841E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10d83df6f9788ddd3153e0a5d3b9843fdbd36ed6a0e393b64aaebc7dd107fb77
Instruction ID: ef951765e3c6a0a24cb3f844fd66957e690780f5b73b6f79ca7d26250b8b96b4
Opcode Fuzzy Hash: 10d83df6f9788ddd3153e0a5d3b9843fdbd36ed6a0e393b64aaebc7dd107fb77
Instruction Fuzzy Hash: C441FF7450C3849BD720AB59C888B2EFBF5FB86384F14491CF6C497292C37AE8148B66

Function 00878D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c95438be11041e736eaa3288b4ba14860802303e8672e8672bf614b640389a7
Instruction ID: ae8512900d173b0a881d91fda93e672de7d383ef214342b8ff9181ecc2a11bc6
Opcode Fuzzy Hash: 2c95438be11041e736eaa3288b4ba14860802303e8672e8672bf614b640389a7
Instruction Fuzzy Hash: BD41CF3164C2548FC315DF68C49452EFBE6EF9A300F198A2DD4D9D72A1CB74DD018B82

Function 0084D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3894656d1c5d0027525604d58100d56cc46a5777a6e9e755b3f67746671eb94e
Instruction ID: 4000f73d510c79443322e8a778ab422514f2e210b2b14a18a850e84981ddbbad
Opcode Fuzzy Hash: 3894656d1c5d0027525604d58100d56cc46a5777a6e9e755b3f67746671eb94e
Instruction Fuzzy Hash: 0241BCB16483958BD330DF18C841BABB7B0FFA6364F040958E58ADB752E7744840CB97

Function 00925089 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dad014bef8790b49a1b8cfba060d7a795c73ec55710d4b02efb38939a742aab
Instruction ID: 66e02f50b45f351c7be6dc139e4f98c049266dbef1ba4af220b20ca6d7d37640
Opcode Fuzzy Hash: 9dad014bef8790b49a1b8cfba060d7a795c73ec55710d4b02efb38939a742aab
Instruction Fuzzy Hash: E131E1F3A086005BF344EA3DDC4577B76E2DBD4310F168A3DDA98C3B84E93E99158646

Function 0086F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 3cafb6fbf2aa27e161e9b7d77fe8f1cadb0945ebe01e7740325dd7fabb7b040c
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: FC2125329082244BC3249B1DD48063AF7E4FB9A704F07962EDAC4E7296E735DC2087E2

Function 0099C456 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b27355fcb2fadcf5645f6c589a925093196d8dfd4fabd3521d1fce9a365bd56
Instruction ID: 1d09266ba1ba46e20bcacff6cd0599aa6d052bed92aa5f59a7230b0a7ee7d181
Opcode Fuzzy Hash: 9b27355fcb2fadcf5645f6c589a925093196d8dfd4fabd3521d1fce9a365bd56
Instruction Fuzzy Hash: 623135F3D183104BF7506D3AECC935AFACAAB94354F1B463DDA88D7380E97D98018291

Function 008767EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7708df1fd69d56e982175672ef98228c5375edf62df8f2707cf385120ed092
Instruction ID: d4df3b6ff7dd458bca28a91b1a2090a6f54dfabc32358f45d5ee2e37f561ed40
Opcode Fuzzy Hash: ff7708df1fd69d56e982175672ef98228c5375edf62df8f2707cf385120ed092
Instruction Fuzzy Hash: 563102705183829AE714CF14C49062BBFF0FF96784F54981DF4C8AB265E338D995CB9A

Function 00855E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a14beb9c40deba7cc6b2730e32b6f1d4709a0b9abbf70a194a7b1237d1d04fd
Instruction ID: 156f68ced76a6b18f12456246456b61f6b7fc0edd65d450154274c2ba7603e94
Opcode Fuzzy Hash: 1a14beb9c40deba7cc6b2730e32b6f1d4709a0b9abbf70a194a7b1237d1d04fd
Instruction Fuzzy Hash: C821B2705082019BC310AF18C86292BB7F4FF92766F44890CF8D9DB291E734DA08CBA3

Function 008349A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: ab9ff0503543ce07397415a210336482d07a8b8f9615e0b940836d40c742d417
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 3631D5316482109BD7149E58D880A2BB7E1FFC8359F18992DE89ADB352D331FC52CBC6

Function 00A75810 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0061ec3ed7415212f65befbcfed08631cd8155cacdf61a713301783ca1b172e9
Instruction ID: 39b4177dcb944beb06c798f2df45fa36de21f272f1071eba98d15893f35db2a8
Opcode Fuzzy Hash: 0061ec3ed7415212f65befbcfed08631cd8155cacdf61a713301783ca1b172e9
Instruction Fuzzy Hash: 5331F1B200C604EFD716AF29D882A6EFBF5FF98710F064D1CE2C482210E73594509B57

Function 008764B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d00d366d1f50f79700baa50f4b6edb164a79a6be118a95ca9cf26806a66622e1
Instruction ID: 99e14fa9fafef270640942c7b71ad4ace09eed44eea8c4ca67a0b108e1ef36dd
Opcode Fuzzy Hash: d00d366d1f50f79700baa50f4b6edb164a79a6be118a95ca9cf26806a66622e1
Instruction Fuzzy Hash: CE2123706086409BC704EF19D880A2EBBE6FB95745F28C81CE4C9D7365D335E861CB66

Function 00AB79FE Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41214404820a24d8ffe1c4774e3fb7581c1794361f9a73ee03f0fa01b826f344
Instruction ID: 721f94862a0e75aef2c1d22667981b1fd8fb6dc367717287124094959ef3d4b3
Opcode Fuzzy Hash: 41214404820a24d8ffe1c4774e3fb7581c1794361f9a73ee03f0fa01b826f344
Instruction Fuzzy Hash: 5E216DB2A0C2109BD715AE68D895BAAF7E5FF58310F12092DDBC493750EA3558408A87

Function 0086B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: c947661a76c5a990ca8f4e1f3be06e7038582be81ab566ea06f8b9a7d2a42548
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 9D11A933A091D94EC3168D3CC440565BFA36AB3639B5A4399F4B4DB2D2D7238DCA8355

Function 00860B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 9c2dd328292d8d59ca08a75592ca2ffa555e4382a2831a5570f0500d9708aaa0
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 4A0175F5A0130147E7209E5494D1B3BB2A8FF81768F1A852CD446D7301DB75EC05DB9A

Function 0085D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d15eb6e2f926f6db3bc722d3904b541111923bf3868787d50f0981865f2183a5
Instruction ID: b093acc046bbf18931d86266d9878cae00b8839b9c72c8e7bac5cb4088a2e6f6
Opcode Fuzzy Hash: d15eb6e2f926f6db3bc722d3904b541111923bf3868787d50f0981865f2183a5
Instruction Fuzzy Hash: 4A11DBB0418380AFD3209F658484A2FFBE5FBA6714F148C0DE6A49B251C779E819CF57

Function 00836EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cc6bf1119c09681d4697be4bbc1a40e3b1271a5271bcb40686090281a042ff8
Instruction ID: 9ed4f79c4d5b7959f283b6f214f4c6097a008ef84adca28b6bd2d5e7dfc46436
Opcode Fuzzy Hash: 3cc6bf1119c09681d4697be4bbc1a40e3b1271a5271bcb40686090281a042ff8
Instruction Fuzzy Hash: C9F0243A71820A1BA210CDAEA88483BB396FBD9355F149538EA44C3201ED72E80681D0

Function 0086B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 0084C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 0084B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 0242d172714916fd839baf56cccac9d8184b5222ee89352d9f8465fccb459c40
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 75F0ECB160451857DF228A559CC0F37FB9CDB87354F191436F945D7503D261D845C3EA

Function 00868220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ed888fa2e436424871118cb20e4edc10e4d294fc32d7dc9d3ca655a383f0a3
Instruction ID: da521c3532dd42e48a560bb5a2836e764f6cd7a7d44d25304c04f125698ff555
Opcode Fuzzy Hash: a6ed888fa2e436424871118cb20e4edc10e4d294fc32d7dc9d3ca655a383f0a3
Instruction Fuzzy Hash: BC01E4B04107009FD360EF29C445747BBF8FB48754F108A1DE8AECB680D770A5888B82

Function 00871440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: d74e0554c9a06968506aff5bb39b2b2b28510121ae20ccf73e8f767603a3f33d
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 11D05E31608321469F648E1DA404977F7E1FA87B11F49955EF58AE314CE230DC41C2AD

Function 00841ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f66e89028a7c9cef264be5a151c0b4d2f91bca9f44446484839334983b4997
Instruction ID: 460e17425553454aa0e1bd1e3f469010911329755ed3a90447d56f6f8e87e8b9
Opcode Fuzzy Hash: 97f66e89028a7c9cef264be5a151c0b4d2f91bca9f44446484839334983b4997
Instruction Fuzzy Hash: F1C08C34A290058BC244CF06FC9D432B3B8B70730CB00703ADB0BF3223DA20C4428A0D

Function 00876094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9f5c1ab44ac0cd55c9f046fe84ec415777bfddf7b359fd32b91299f01f00f3d
Instruction ID: 9b48710eb4e014114c80c1b710dddb624b8799652b0c572659d352f1036e80f0
Opcode Fuzzy Hash: b9f5c1ab44ac0cd55c9f046fe84ec415777bfddf7b359fd32b91299f01f00f3d
Instruction Fuzzy Hash: D7C09B7469C10487A20CCF0CD951475F376FB97F38724F01DC80663259C534D512961C

Function 00841A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044dc902a95925036e7561cd3698785f3bfd9abc1b3b5be95b3d0c72af9ee275
Instruction ID: 58c4de0e8292b8cf274358528855fd1c3fd367ce4282a9d36ec6af33fb649795
Opcode Fuzzy Hash: 044dc902a95925036e7561cd3698785f3bfd9abc1b3b5be95b3d0c72af9ee275
Instruction Fuzzy Hash: ADC09B34A6D044CBC644CF87E8D9531A3FCB70720CB10303A970BF7267C560D445850D

Function 00875FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2191894021.0000000000831000.00000040.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true

Associated: 00000000.00000002.2191851571.0000000000830000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191952571.0000000000890000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2191971334.000000000089C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192085360.00000000009F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192102402.00000000009F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192120276.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192151992.0000000000A1A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192169172.0000000000A1E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192186362.0000000000A29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192202847.0000000000A30000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192220736.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192236158.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192248908.0000000000A53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192265252.0000000000A58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192284158.0000000000A73000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192301735.0000000000A76000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192315866.0000000000A77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192332723.0000000000A7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192354364.0000000000A7C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192370923.0000000000A80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192385131.0000000000A81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192399471.0000000000A86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192417138.0000000000A9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192432095.0000000000AA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192450426.0000000000AA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192466181.0000000000AA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192481140.0000000000AA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192498478.0000000000AA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192515536.0000000000AAF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192531451.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192548585.0000000000AB9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192561723.0000000000ABB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192585463.0000000000ADB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000ADC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192602138.0000000000AFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192645611.0000000000B12000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192660518.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192677624.0000000000B29000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B2A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192694538.0000000000B31000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192730021.0000000000B41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2192744489.0000000000B42000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_830000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45374dda2bac58197b97bbed792ce2d61a9dc87676ec4cc0dc7dd08768c67c15
Instruction ID: 3488b32781aaecca1ce51a56d5314967bc739723dd7c30225e5e20c70325b522
Opcode Fuzzy Hash: 45374dda2bac58197b97bbed792ce2d61a9dc87676ec4cc0dc7dd08768c67c15
Instruction Fuzzy Hash: D2C09274BA80008BA24CCF1CDD51935F2BAAB8BE38B14B02DC806A3256D134D912870C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 008750FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 0083FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 0083D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00875700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00875BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 0087695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 0084049B Relevance: .3, Instructions: 264
COMMON

Function 00873220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00873202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON