Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538589
MD5:	fb40261f71cd9a4f8f97fe59351136f0
SHA1:	20ebe6695eb9ee24497f5265a84e18d876b1e4f4
SHA256:	01be1f6d74db8b1f9e73c5f0261e4412dcdc21a6d59b7c07925a4c26cbbc6860
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7044 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FB40261F71CD9A4F8F97FE59351136F0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["studennotediw.store", "spirittunek.store", "clearancek.site", "bathdoomgaz.store", "dissapoiznw.store", "licendfilteo.site", "eaglepawnoy.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.509870+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.5	60138	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.434728+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.5	58543	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.481218+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.5	64091	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.469975+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.5	49551	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.535982+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.5	62396	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.454112+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.5	59767	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.524735+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.5	51514	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:11.492350+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.5	56499	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-21T14:42:12.748147+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	23.50.98.133	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.7044.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["studennotediw.store", "spirittunek.store", "clearancek.site", "bathdoomgaz.store", "dissapoiznw.store", "licendfilteo.site", "eaglepawnoy.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0044D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0044D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_004863B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_0048695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_004899D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_0044FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00450EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00484040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00441000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00456F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_0047F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00486094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0046D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00462260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00462260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_004542FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_0044A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00481440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0045D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0046C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0046E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_0045B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_004864B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00469510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00487520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00456536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00448590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_0047B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0046E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00485700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00487710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_004867EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0046D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_004628E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_0045D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00483920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_004449A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00484A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00445A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00451A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00451ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00489B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_0045DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_0045DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00453BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00451BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00470B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_0046EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00467C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_0047FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_0046CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0046CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_0046CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00489CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00489CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_0046AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_0046AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_0046FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0046DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00488D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_0046AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00467E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00465E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00454E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00451E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00446EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_0044BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00456EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00469F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0047FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00487FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00487FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00448FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_0045FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00485FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00456F91

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:59767 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:56499 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:64091 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:62396 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:58543 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:51514 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:49551 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:60138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.50.98.133:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: mobbipenju.store

Source: Joe Sandbox View

IP Address: 23.50.98.133 23.50.98.133

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ca1f33efcba240eb4313f381c8870b8c8; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d7c205bdb4e8adcf85223d71; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25258Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 21 Oct 2024 12:42:12 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apii
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/apiK
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.c
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077769590.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2078796033.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077769590.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2077769590.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ca1f33efcba240eb
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450228	0_2_00450228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484040	0_2_00484040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E	0_2_0060B07E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00441000	0_2_00441000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00621038	0_2_00621038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452030	0_2_00452030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A0D0	0_2_0048A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00445160	0_2_00445160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B9112	0_2_005B9112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006101C5	0_2_006101C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004471F0	0_2_004471F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E1A0	0_2_0044E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004782D0	0_2_004782D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004712D0	0_2_004712D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004412F7	0_2_004412F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061F35E	0_2_0061F35E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A300	0_2_0044A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006143C1	0_2_006143C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004723E0	0_2_004723E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044B3A0	0_2_0044B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004413A3	0_2_004413A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061A47B	0_2_0061A47B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C470	0_2_0046C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004764F0	0_2_004764F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454487	0_2_00454487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045049B	0_2_0045049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00609552	0_2_00609552
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C5F0	0_2_0045C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060E5DC	0_2_0060E5DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448590	0_2_00448590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004435B0	0_2_004435B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044164F	0_2_0044164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488652	0_2_00488652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047F620	0_2_0047F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004886F0	0_2_004886F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D3772	0_2_005D3772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061D7E5	0_2_0061D7E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D27F0	0_2_004D27F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A850	0_2_0044A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00471860	0_2_00471860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B8C0	0_2_0047B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006188DF	0_2_006188DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E8A0	0_2_0047E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BF964	0_2_005BF964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046098B	0_2_0046098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004889A0	0_2_004889A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484A40	0_2_00484A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488A80	0_2_00488A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060CAAA	0_2_0060CAAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00487AB0	0_2_00487AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045DB6F	0_2_0045DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00447BF0	0_2_00447BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488C02	0_2_00488C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00611C01	0_2_00611C01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CCD0	0_2_0046CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486CBF	0_2_00486CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00468D62	0_2_00468D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00616D4F	0_2_00616D4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046FD10	0_2_0046FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046DD29	0_2_0046DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AE57	0_2_0046AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488E70	0_2_00488E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00536E1E	0_2_00536E1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454E2A	0_2_00454E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EEEFA	0_2_005EEEFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044BEB0	0_2_0044BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456EBF	0_2_00456EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044AF10	0_2_0044AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00487FC0	0_2_00487FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448FD0	0_2_00448FD0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0045D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0044CAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995487830033003

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00478220 CoCreateInstance,

0_2_00478220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2967552 > 1048576

Source: file.exe

Static PE information: Raw size of lssjeeuw is bigger than: 0x100000 < 0x2ab000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.440000.0.unpack :EW;.rsrc :W;.idata :W;lssjeeuw:EW;lmoyuldp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;lssjeeuw:EW;lmoyuldp:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2e3704 should be: 0x2d6735

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: lssjeeuw
Source: file.exe	Static PE information: section name: lmoyuldp
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 26D8D261h; mov dword ptr [esp], esp	0_2_0060B08D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], edx	0_2_0060B123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], esi	0_2_0060B127
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 7B81BBE3h; mov dword ptr [esp], ebx	0_2_0060B23E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 22A329A0h; mov dword ptr [esp], ebp	0_2_0060B2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], edx	0_2_0060B360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 7C4C3A74h; mov dword ptr [esp], ecx	0_2_0060B380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 54EB76D1h; mov dword ptr [esp], esi	0_2_0060B3E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push ecx; mov dword ptr [esp], edi	0_2_0060B3EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push esi; mov dword ptr [esp], eax	0_2_0060B4BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 64EB96D2h; mov dword ptr [esp], ecx	0_2_0060B53A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 76AA4A42h; mov dword ptr [esp], esi	0_2_0060B5B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push esi; mov dword ptr [esp], eax	0_2_0060B60C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 1543BB3Fh; mov dword ptr [esp], edx	0_2_0060B66F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 3D31C41Bh; mov dword ptr [esp], edi	0_2_0060B6CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push esi; mov dword ptr [esp], eax	0_2_0060B6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 382FC0B7h; mov dword ptr [esp], esi	0_2_0060B6E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], edx	0_2_0060B740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 6B305429h; mov dword ptr [esp], ecx	0_2_0060B764
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push edi; mov dword ptr [esp], ecx	0_2_0060B7B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], edi	0_2_0060B851
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push ebp; mov dword ptr [esp], 3F6DFF33h	0_2_0060B87E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 2EC2ADFEh; mov dword ptr [esp], ebx	0_2_0060B8A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push ebp; mov dword ptr [esp], 65E34BF6h	0_2_0060B8F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], ebx	0_2_0060B911
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push ebp; mov dword ptr [esp], 4F7738F0h	0_2_0060B984
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 33DA70B6h; mov dword ptr [esp], edx	0_2_0060BA5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push eax; mov dword ptr [esp], esi	0_2_0060BA62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 7E1CB555h; mov dword ptr [esp], edi	0_2_0060BAFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push ebp; mov dword ptr [esp], esi	0_2_0060BB53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060B07E push 2BB71630h; mov dword ptr [esp], ebx	0_2_0060BBEE

Source: file.exe

Static PE information: section name: entropy: 7.980180731502382

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A456C second address: 4A4588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC21h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A4588 second address: 4A45A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691D4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625BAF second address: 625BBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jg 00007FF12D57BC16h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625BBB second address: 625BC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625BC4 second address: 625BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF12D57BC24h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625BE7 second address: 625BF1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625F07 second address: 625F0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625F0B second address: 625F2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c ja 00007FF12D3691D0h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62609A second address: 6260A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6260A3 second address: 6260A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6260A7 second address: 6260AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62620B second address: 626216 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626216 second address: 626237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF12D57BC28h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626237 second address: 62623B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62638C second address: 6263A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jns 00007FF12D57BC21h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6263A2 second address: 6263C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D1h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF12D3691D0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6263C7 second address: 6263CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62650C second address: 626516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627FC0 second address: 627FC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627FC4 second address: 627FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627FCA second address: 628028 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF12D57BC1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FF12D57BC20h 0x00000011 pushad 0x00000012 jnc 00007FF12D57BC16h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007FF12D57BC18h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 xor si, 12D2h 0x0000003b push 00000000h 0x0000003d mov dword ptr [ebp+122D2F72h], ebx 0x00000043 call 00007FF12D57BC19h 0x00000048 push eax 0x00000049 push edx 0x0000004a js 00007FF12D57BC18h 0x00000050 push esi 0x00000051 pop esi 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628028 second address: 62808C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF12D3691D5h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jg 00007FF12D3691E5h 0x00000019 mov eax, dword ptr [eax] 0x0000001b jnp 00007FF12D3691CEh 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62808C second address: 6280B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 pushad 0x0000000a jmp 00007FF12D57BC28h 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6280B2 second address: 628142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 xor dword ptr [ebp+122D1D88h], ebx 0x0000000e push 00000003h 0x00000010 mov cx, D830h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 jg 00007FF12D3691D5h 0x0000001d pop edx 0x0000001e push 00000003h 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007FF12D3691C8h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a stc 0x0000003b call 00007FF12D3691C9h 0x00000040 pushad 0x00000041 pushad 0x00000042 pushad 0x00000043 popad 0x00000044 push eax 0x00000045 pop eax 0x00000046 popad 0x00000047 jmp 00007FF12D3691D5h 0x0000004c popad 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push edx 0x00000051 jmp 00007FF12D3691D4h 0x00000056 pop edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62822F second address: 628284 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jnc 00007FF12D57BC1Ch 0x00000011 jg 00007FF12D57BC1Ch 0x00000017 popad 0x00000018 nop 0x00000019 sub dword ptr [ebp+122D25FFh], ecx 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+122D311Eh], ecx 0x00000027 push 46B04205h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jp 00007FF12D57BC16h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628284 second address: 62828A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62828A second address: 628290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628290 second address: 628340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 46B04285h 0x0000000f pushad 0x00000010 or eax, dword ptr [ebp+122D3B1Eh] 0x00000016 mov dword ptr [ebp+122D310Bh], esi 0x0000001c popad 0x0000001d mov edx, dword ptr [ebp+122D30C7h] 0x00000023 push 00000003h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007FF12D3691C8h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ah 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f jmp 00007FF12D3691D9h 0x00000044 push 00000000h 0x00000046 jng 00007FF12D3691D1h 0x0000004c pushad 0x0000004d movsx ebx, si 0x00000050 jg 00007FF12D3691C6h 0x00000056 popad 0x00000057 mov esi, dword ptr [ebp+122D3A36h] 0x0000005d push 00000003h 0x0000005f movzx edi, di 0x00000062 call 00007FF12D3691C9h 0x00000067 push ebx 0x00000068 jmp 00007FF12D3691CBh 0x0000006d pop ebx 0x0000006e push eax 0x0000006f jmp 00007FF12D3691D0h 0x00000074 mov eax, dword ptr [esp+04h] 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b push edx 0x0000007c pop edx 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628340 second address: 628345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628519 second address: 628535 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007FF12D3691C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628535 second address: 62856A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF12D57BC29h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62856A second address: 6285A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FF12D3691CDh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c mov dword ptr [ebp+122D1D02h], ebx 0x00000012 lea ebx, dword ptr [ebp+12457EA8h] 0x00000018 mov cx, dx 0x0000001b xchg eax, ebx 0x0000001c ja 00007FF12D3691D0h 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285A5 second address: 6285A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285A9 second address: 6285AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285AF second address: 6285B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285B5 second address: 6285B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A4DB second address: 63A4F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF12D57BC1Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A4F1 second address: 63A4F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64939D second address: 6493B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC22h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6493B3 second address: 6493B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6493B7 second address: 6493C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6493C3 second address: 6493C9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6493C9 second address: 6493CE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6493CE second address: 6493DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF12D3691C6h 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647526 second address: 64752A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64752A second address: 647532 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647532 second address: 647562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC1Ch 0x00000007 jo 00007FF12D57BC18h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FF12D57BC22h 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647562 second address: 647569 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647569 second address: 647589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC23h 0x00000009 popad 0x0000000a jne 00007FF12D57BC2Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64783C second address: 647840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F1B second address: 647F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F21 second address: 647F2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F2B second address: 647F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F31 second address: 647F35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F35 second address: 647F39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F39 second address: 647F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 je 00007FF12D3691CAh 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 647F4F second address: 647F59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF12D57BC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6480C7 second address: 6480D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FF12D3691C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6480D3 second address: 6480E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D57BC1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648616 second address: 64861C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64861C second address: 648620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648620 second address: 648633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FF12D3691CAh 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648E3B second address: 648E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648E3F second address: 648E43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648F89 second address: 648F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648F8D second address: 648F91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648F91 second address: 648FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF12D57BC1Fh 0x0000000c jmp 00007FF12D57BC23h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64CE15 second address: 64CE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64CE19 second address: 64CE3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jnl 00007FF12D57BC16h 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64CE3C second address: 64CE61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FF12D3691CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64CFD3 second address: 64CFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D111 second address: 64D128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D128 second address: 64D188 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FF12D57BC29h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jp 00007FF12D57BC1Ah 0x00000012 push edi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edi 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007FF12D57BC1Ch 0x0000001f mov eax, dword ptr [eax] 0x00000021 pushad 0x00000022 push ebx 0x00000023 jmp 00007FF12D57BC1Bh 0x00000028 pop ebx 0x00000029 push edi 0x0000002a pushad 0x0000002b popad 0x0000002c pop edi 0x0000002d popad 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 push ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FF12D57BC1Ah 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FC50 second address: 60FC56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FC56 second address: 60FC71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC25h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60FC71 second address: 60FC77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653AE7 second address: 653AEC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653AEC second address: 653AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653C80 second address: 653C9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC29h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653C9D second address: 653CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FF12D3691CCh 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653CB3 second address: 653CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 je 00007FF12D57BC16h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007FF12D57BC16h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653CCA second address: 653CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653CCE second address: 653CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6544A7 second address: 6544C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691D4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6576A8 second address: 6576AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6576AE second address: 6576C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D3691D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6576C4 second address: 6576C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657734 second address: 657746 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657746 second address: 657789 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D57BC1Ch 0x00000008 jno 00007FF12D57BC16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 add dword ptr [esp], 4881CB00h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FF12D57BC18h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 push 076BE28Dh 0x00000036 push eax 0x00000037 push edx 0x00000038 push ebx 0x00000039 push ecx 0x0000003a pop ecx 0x0000003b pop ebx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65824F second address: 6582A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FF12D3691C8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 jmp 00007FF12D3691D8h 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e jno 00007FF12D3691C6h 0x00000034 push eax 0x00000035 pop eax 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6582A1 second address: 6582C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF12D57BC22h 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658363 second address: 65836D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65870C second address: 658710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6588A6 second address: 6588F3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007FF12D3691C8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D317Ch], edi 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FF12D3691D3h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658E41 second address: 658E45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B256 second address: 65B260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF12D3691C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B260 second address: 65B279 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jng 00007FF12D57BC16h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B279 second address: 65B2B6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF12D3691CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b adc di, 3D4Fh 0x00000010 push 00000000h 0x00000012 jmp 00007FF12D3691D8h 0x00000017 push 00000000h 0x00000019 sub dword ptr [ebp+122D1CA9h], ebx 0x0000001f push eax 0x00000020 pushad 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65BE6E second address: 65BE74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65BC4E second address: 65BC53 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65BE74 second address: 65BE79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C88C second address: 65C896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF12D3691C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C896 second address: 65C8A8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C8A8 second address: 65C8AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C8AC second address: 65C8B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FE65 second address: 65FE92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jnc 00007FF12D3691CCh 0x00000011 pushad 0x00000012 jl 00007FF12D3691C6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 660E87 second address: 660E8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 660E8B second address: 660E8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 662E07 second address: 662E11 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF12D57BC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 662E11 second address: 662E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 662E1E second address: 662E22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 662E22 second address: 662E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664EC3 second address: 664EC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664EC9 second address: 664EE0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 js 00007FF12D3691C6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jp 00007FF12D3691C6h 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664EE0 second address: 664F54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF12D57BC1Dh 0x00000008 jnc 00007FF12D57BC16h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 mov di, dx 0x00000015 mov di, ax 0x00000018 push 00000000h 0x0000001a or dword ptr [ebp+122D2292h], edx 0x00000020 clc 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007FF12D57BC18h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 00000018h 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d jng 00007FF12D57BC18h 0x00000043 mov ebx, ecx 0x00000045 jbe 00007FF12D57BC1Ch 0x0000004b and ebx, 4717C8B0h 0x00000051 xchg eax, esi 0x00000052 jmp 00007FF12D57BC1Eh 0x00000057 push eax 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664F54 second address: 664F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664F58 second address: 664F65 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665E13 second address: 665E25 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FF12D3691C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665EAD second address: 665EC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665EC7 second address: 665ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007FF12D3691CCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 666E60 second address: 666E6A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667EEB second address: 667EF5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66209E second address: 6620A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AFA1 second address: 66B018 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF12D3691C8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+12479DC1h], eax 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FF12D3691C8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007FF12D3691C8h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+124797BAh] 0x0000004f xchg eax, esi 0x00000050 push ecx 0x00000051 jnp 00007FF12D3691C8h 0x00000057 pop ecx 0x00000058 push eax 0x00000059 pushad 0x0000005a pushad 0x0000005b push ebx 0x0000005c pop ebx 0x0000005d push esi 0x0000005e pop esi 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 pop eax 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663054 second address: 663058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663058 second address: 66305E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66305E second address: 663065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6651A1 second address: 6651AB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6660FE second address: 666103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 666103 second address: 666120 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF12D3691CCh 0x00000008 jg 00007FF12D3691C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jg 00007FF12D3691C8h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66419D second address: 6641A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6680FC second address: 668101 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669181 second address: 6691A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF12D57BC28h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66A203 second address: 66A209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6691A0 second address: 669250 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push dword ptr fs:[00000000h] 0x00000012 mov dword ptr fs:[00000000h], esp 0x00000019 mov dword ptr [ebp+12459309h], edx 0x0000001f add bx, 9739h 0x00000024 mov eax, dword ptr [ebp+122D034Dh] 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007FF12D57BC18h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 00000018h 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 push FFFFFFFFh 0x00000046 push 00000000h 0x00000048 push ebp 0x00000049 call 00007FF12D57BC18h 0x0000004e pop ebp 0x0000004f mov dword ptr [esp+04h], ebp 0x00000053 add dword ptr [esp+04h], 0000001Ch 0x0000005b inc ebp 0x0000005c push ebp 0x0000005d ret 0x0000005e pop ebp 0x0000005f ret 0x00000060 jmp 00007FF12D57BC25h 0x00000065 nop 0x00000066 ja 00007FF12D57BC2Fh 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jc 00007FF12D57BC18h 0x00000075 push ebx 0x00000076 pop ebx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B1D4 second address: 66B1DE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B1DE second address: 66B1E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66C262 second address: 66C26F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66D4A7 second address: 66D4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B1E4 second address: 66B1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66C26F second address: 66C273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66D4AB second address: 66D4C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66D4C0 second address: 66D581 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF12D57BC18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FF12D57BC1Fh 0x00000010 nop 0x00000011 call 00007FF12D57BC27h 0x00000016 mov dword ptr [ebp+12479828h], ecx 0x0000001c pop ebx 0x0000001d push dword ptr fs:[00000000h] 0x00000024 push 00000000h 0x00000026 push ebx 0x00000027 call 00007FF12D57BC18h 0x0000002c pop ebx 0x0000002d mov dword ptr [esp+04h], ebx 0x00000031 add dword ptr [esp+04h], 00000015h 0x00000039 inc ebx 0x0000003a push ebx 0x0000003b ret 0x0000003c pop ebx 0x0000003d ret 0x0000003e mov di, FD11h 0x00000042 mov dword ptr fs:[00000000h], esp 0x00000049 push 00000000h 0x0000004b push edx 0x0000004c call 00007FF12D57BC18h 0x00000051 pop edx 0x00000052 mov dword ptr [esp+04h], edx 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc edx 0x0000005f push edx 0x00000060 ret 0x00000061 pop edx 0x00000062 ret 0x00000063 mov eax, dword ptr [ebp+122D14ADh] 0x00000069 call 00007FF12D57BC28h 0x0000006e mov edi, dword ptr [ebp+122D3B76h] 0x00000074 pop ebx 0x00000075 push FFFFFFFFh 0x00000077 mov edi, 0456A514h 0x0000007c nop 0x0000007d push edx 0x0000007e pushad 0x0000007f pushad 0x00000080 popad 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66F40F second address: 66F413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 677778 second address: 67778C instructions: 0x00000000 rdtsc 0x00000002 je 00007FF12D57BC16h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FF12D57BC16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67778C second address: 6777B6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FF12D3691CAh 0x0000000f push edx 0x00000010 jmp 00007FF12D3691D5h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676EF0 second address: 676EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676EF6 second address: 676EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676EFA second address: 676F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jo 00007FF12D57BC16h 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF12D57BC25h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6771D7 second address: 67720A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF12D3691D1h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007FF12D3691D3h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67720A second address: 67720E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67720E second address: 677231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691CBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF12D3691CEh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 677384 second address: 67738C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67D6A7 second address: 67D6AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67D6AB second address: 67D6AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6826A9 second address: 6826B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 681E5F second address: 681E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 681E6B second address: 681E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jg 00007FF12D3691C8h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FF12D3691D2h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 681E8F second address: 681EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC1Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68202D second address: 68203B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jne 00007FF12D3691D2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6822C7 second address: 6822F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC1Fh 0x00000009 jmp 00007FF12D57BC25h 0x0000000e popad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682576 second address: 68257C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 685925 second address: 68594F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007FF12D57BC22h 0x0000000d jmp 00007FF12D57BC1Ch 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FF12D57BC1Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68594F second address: 68595E instructions: 0x00000000 rdtsc 0x00000002 js 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68595E second address: 685965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 685965 second address: 68597D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D3691D2h 0x00000008 ja 00007FF12D3691C6h 0x0000000e jl 00007FF12D3691C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689F31 second address: 689F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF12D57BC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689F3B second address: 689F41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689F41 second address: 689F4B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF12D57BC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689F4B second address: 689F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jno 00007FF12D3691C6h 0x00000015 pop esi 0x00000016 push eax 0x00000017 push esi 0x00000018 pop esi 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A293 second address: 68A2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC29h 0x00000009 popad 0x0000000a push ebx 0x0000000b jno 00007FF12D57BC16h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A40F second address: 68A415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A415 second address: 68A41F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A41F second address: 68A44B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FF12D3691CBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF12D3691D6h 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A58B second address: 68A58F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A58F second address: 68A5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007FF12D3691D2h 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007FF12D3691C6h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68ACAB second address: 68ACB7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF12D57BC1Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AE15 second address: 68AE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63F375 second address: 63F38E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF12D57BC1Eh 0x00000008 push edi 0x00000009 jp 00007FF12D57BC16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619FF3 second address: 61A011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D3691D4h 0x00000009 ja 00007FF12D3691C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6924C1 second address: 6924CB instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF12D57BC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6924CB second address: 6924D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6924D3 second address: 6924D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656639 second address: 65663F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6567B3 second address: 6567B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6567B9 second address: 656868 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 601A4E89h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FF12D3691C8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 jmp 00007FF12D3691D7h 0x0000002e stc 0x0000002f call 00007FF12D3691C9h 0x00000034 push eax 0x00000035 jmp 00007FF12D3691D9h 0x0000003a pop eax 0x0000003b push eax 0x0000003c jmp 00007FF12D3691D5h 0x00000041 mov eax, dword ptr [esp+04h] 0x00000045 pushad 0x00000046 push ecx 0x00000047 jmp 00007FF12D3691D1h 0x0000004c pop ecx 0x0000004d pushad 0x0000004e jl 00007FF12D3691C6h 0x00000054 pushad 0x00000055 popad 0x00000056 popad 0x00000057 popad 0x00000058 mov eax, dword ptr [eax] 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d pushad 0x0000005e popad 0x0000005f je 00007FF12D3691C6h 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656C02 second address: 656C50 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FF12D57BC1Ch 0x00000010 ja 00007FF12D57BC16h 0x00000016 popad 0x00000017 mov dword ptr [esp], eax 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FF12D57BC18h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 mov edi, dword ptr [ebp+122D3B9Eh] 0x0000003a push 00000004h 0x0000003c mov edi, 2C163AF2h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jl 00007FF12D57BC16h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656C50 second address: 656C56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656FCB second address: 657009 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF12D57BC1Ch 0x00000008 jne 00007FF12D57BC16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF12D57BC22h 0x00000017 pop edx 0x00000018 nop 0x00000019 mov edx, 3A93EA76h 0x0000001e push 0000001Eh 0x00000020 mov dword ptr [ebp+122D3897h], edi 0x00000026 push eax 0x00000027 ja 00007FF12D57BC20h 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 pop eax 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657142 second address: 657146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657146 second address: 65714A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65714A second address: 657150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692752 second address: 692758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692758 second address: 692775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691D2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692950 second address: 692969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC1Eh 0x00000009 jns 00007FF12D57BC16h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692969 second address: 69297D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D3691CEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69297D second address: 692981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692981 second address: 692997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 692BF6 second address: 692C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jng 00007FF12D57BC16h 0x0000000c jno 00007FF12D57BC16h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69318A second address: 69319E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 jmp 00007FF12D3691CDh 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61EE7D second address: 61EE87 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698AE9 second address: 698AED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698F37 second address: 698F3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698F3D second address: 698F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699384 second address: 6993B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FF12D57BC18h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 jnp 00007FF12D57BC16h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FF12D57BC29h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6993B8 second address: 6993CC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF12D3691CAh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c ja 00007FF12D3691CEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699628 second address: 69962C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69962C second address: 699647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF12D3691D3h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699647 second address: 699656 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF12D57BC1Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69BEF1 second address: 69BEFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF12D3691C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D409 second address: 69D444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC22h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF12D57BC24h 0x00000010 popad 0x00000011 jne 00007FF12D57BC1Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D444 second address: 69D461 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF12D3691CAh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FF12D3691CCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 614DED second address: 614DFA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007FF12D57BC16h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3A67 second address: 6A3A6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3A6B second address: 6A3A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3BBF second address: 6A3BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3BC3 second address: 6A3BC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3E56 second address: 6A3E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3E5C second address: 6A3E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8357 second address: 6A835B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8784 second address: 6A8788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8788 second address: 6A879A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF12D3691C6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A88DD second address: 6A88E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A88E4 second address: 6A88F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF12D3691C6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A88F0 second address: 6A8909 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC1Bh 0x00000007 jg 00007FF12D57BC16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656DED second address: 656E7A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF12D3691CCh 0x00000008 jg 00007FF12D3691C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov ch, dh 0x00000013 mov ebx, dword ptr [ebp+12485F6Bh] 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007FF12D3691C8h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 add eax, ebx 0x00000035 mov ecx, dword ptr [ebp+122D39E2h] 0x0000003b nop 0x0000003c push edx 0x0000003d jmp 00007FF12D3691D9h 0x00000042 pop edx 0x00000043 push eax 0x00000044 jmp 00007FF12D3691CCh 0x00000049 nop 0x0000004a or dword ptr [ebp+122D1E2Ch], ebx 0x00000050 push 00000004h 0x00000052 jl 00007FF12D3691CBh 0x00000058 mov edx, 187A4495h 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 ja 00007FF12D3691C6h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656E7A second address: 656E7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656E7E second address: 656E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FF12D3691C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6AE30D second address: 6AE315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6AD718 second address: 6AD71C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADC51 second address: 6ADC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADC57 second address: 6ADC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FF12D3691CBh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADC67 second address: 6ADC72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FF12D57BC16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADC72 second address: 6ADC94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF12D3691D9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B450C second address: 6B4511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B4511 second address: 6B4525 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FF12D3691CEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B46C1 second address: 6B46C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B486D second address: 6B4876 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B4B45 second address: 6B4B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF12D57BC16h 0x0000000a js 00007FF12D57BC16h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B4B56 second address: 6B4B7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691CAh 0x00000007 jmp 00007FF12D3691D3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B4B7D second address: 6B4B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B4B81 second address: 6B4B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B591D second address: 6B5939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jmp 00007FF12D57BC25h 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9498 second address: 6B94AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D3691D1h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B960E second address: 6B961A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF12D57BC18h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9A18 second address: 6B9A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF12D3691C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9A24 second address: 6B9A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 ja 00007FF12D57BC16h 0x0000000c jne 00007FF12D57BC16h 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF12D57BC1Eh 0x0000001a jns 00007FF12D57BC16h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9A4D second address: 6B9A68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007FF12D3691CFh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9A68 second address: 6B9A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D57BC1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9BFD second address: 6B9C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF12D3691D8h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9C1A second address: 6B9C21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9EC5 second address: 6B9ECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9ECB second address: 6B9ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9ECF second address: 6B9EDF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF12D3691C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9EDF second address: 6B9EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9EEB second address: 6B9EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C633F second address: 6C636A instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007FF12D57BC29h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C636A second address: 6C636E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6CEE second address: 6C6CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6CF4 second address: 6C6D08 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF12D3691C6h 0x00000008 jnl 00007FF12D3691C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6D08 second address: 6C6D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6D0C second address: 6C6D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C70ED second address: 6C70F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7EFB second address: 6C7F1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D3691D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007FF12D3691C6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7F1E second address: 6C7F40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF12D57BC20h 0x0000000b popad 0x0000000c push esi 0x0000000d jo 00007FF12D57BC1Eh 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CDE1C second address: 6CDE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF12D3691D0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD9D3 second address: 6CD9D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD9D9 second address: 6CD9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD9DF second address: 6CD9E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DC246 second address: 6DC24C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61BA54 second address: 61BA58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61BA58 second address: 61BA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F4755 second address: 6F4759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FA5E9 second address: 6FA5F0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FA8B0 second address: 6FA8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FAA23 second address: 6FAA2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF12D3691C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FAB98 second address: 6FAB9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FAB9C second address: 6FABB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF12D3691D0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FABB2 second address: 6FABB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FABB9 second address: 6FABBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FBA08 second address: 6FBA1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FF12D57BC16h 0x0000000a jmp 00007FF12D57BC1Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF74C second address: 6FF758 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF12D3691C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70298C second address: 702992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709B0E second address: 709B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF12D3691C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709B1A second address: 709B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007FF12D57BC27h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709B3B second address: 709B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF12D3691CFh 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push edi 0x00000011 pop edi 0x00000012 jno 00007FF12D3691C6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709B60 second address: 709B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF12D57BC16h 0x0000000a je 00007FF12D57BC16h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70B060 second address: 70B073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jnp 00007FF12D3691C6h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7149C6 second address: 7149CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7149CC second address: 7149D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 721AEC second address: 721AFD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jc 00007FF12D57BC16h 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7217E6 second address: 7217EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7217EB second address: 7217F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7217F0 second address: 7217FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739895 second address: 73989B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73989B second address: 7398B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF12D3691D1h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7398B3 second address: 739906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnl 00007FF12D57BC1Eh 0x00000012 pushad 0x00000013 jmp 00007FF12D57BC1Ch 0x00000018 jns 00007FF12D57BC16h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 jmp 00007FF12D57BC25h 0x00000026 push eax 0x00000027 push edx 0x00000028 jne 00007FF12D57BC16h 0x0000002e jng 00007FF12D57BC16h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739906 second address: 73990A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739A62 second address: 739A67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739A67 second address: 739A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A432 second address: 73A436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A436 second address: 73A43C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A43C second address: 73A442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D0AF second address: 73D0B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D0B3 second address: 73D0B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D0B9 second address: 73D0C3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF12D3691CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D0C3 second address: 73D0CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D0CE second address: 73D0D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D42A second address: 73D481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edi 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jnl 00007FF12D57BC28h 0x00000011 jmp 00007FF12D57BC1Ch 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c jg 00007FF12D57BC18h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FF12D57BC28h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D6C6 second address: 73D6CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D6CA second address: 73D6D4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF12D57BC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900BF0 second address: 4900BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900BF4 second address: 4900C11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C11 second address: 4900C21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF12D3691CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C21 second address: 4900C25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C25 second address: 4900C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e jmp 00007FF12D3691D7h 0x00000013 test ecx, ecx 0x00000015 jmp 00007FF12D3691D6h 0x0000001a jns 00007FF12D369202h 0x00000020 jmp 00007FF12D3691D0h 0x00000025 add eax, ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FF12D3691CAh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C88 second address: 4900C8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C8C second address: 4900C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900C92 second address: 4900D00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f pushad 0x00000010 movzx esi, di 0x00000013 mov ecx, edi 0x00000015 popad 0x00000016 test eax, eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF12D57BC1Bh 0x0000001f adc si, 5EDEh 0x00000024 jmp 00007FF12D57BC29h 0x00000029 popfd 0x0000002a mov cx, 05A7h 0x0000002e popad 0x0000002f je 00007FF19E6F1C91h 0x00000035 pushad 0x00000036 mov ah, 02h 0x00000038 pushad 0x00000039 mov dx, FD16h 0x0000003d mov esi, edi 0x0000003f popad 0x00000040 popad 0x00000041 test byte ptr [eax+04h], 00000005h 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900D00 second address: 4900D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900D04 second address: 4900D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF12D57BC1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900D16 second address: 4900D1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4900D1C second address: 4900D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65A64F second address: 65A655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65A655 second address: 65A659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4A3CEC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 64B5D7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4A139A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6CF439 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3276	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6156	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2078665235.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077769590.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00485BB0 LdrInitializeThunk,

0_2_00485BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store
Source: file.exe	String found in binary or memory: mobbipenju.store

Source: file.exe, file.exe, 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: 5.Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	5 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.50.98.133	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bathdoomgaz.store:443/api	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ca1f33efcba240eb	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://licendfilteo.site:443/apiK	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.c	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://studennotediw.store:443/api	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site:443/apii	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000003.2077662099.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078761463.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000002.2078665235.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2077643974.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077769590.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077662099.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2077769590.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2078796033.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2077617120.0000000000C13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.50.98.133	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538589
Start date and time:	2024-10-21 14:41:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
08:42:10	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.50.98.133	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	https://u.to/UKDgIA	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.PWSX-gen.1070.11757.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	SecuriteInfo.com.Trojan.PWS.Steam.37477.6298.10622.exe	Get hash	malicious	Vidar	Browse
	SecuriteInfo.com.Win32.Evo-gen.25283.30900.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.FileRepMalware.25501.25264.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	95.100.48.249
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	Constate	Get hash	malicious	Unknown	Browse	96.17.64.247
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	95.100.48.249
	Message_2530136.eml	Get hash	malicious	Unknown	Browse	2.19.126.160
	https://www.childkorea.or.kr/bbs/link.html?code=alarm&number=3064&url=https://form.jotform.com/242923371946059	Get hash	malicious	HTMLPhisher	Browse	184.50.112.129
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	23.199.218.33
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	Re_ Matthew Magro shared _Bonitz .pdf_ with you.eml	Get hash	malicious	HTMLPhisher	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	SUNLIGHT ORDER.xls	Get hash	malicious	Unknown	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	23.50.98.133
	file.exe	Get hash	malicious	LummaC	Browse	23.50.98.133

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.556865257139036
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'967'552 bytes
MD5:	fb40261f71cd9a4f8f97fe59351136f0
SHA1:	20ebe6695eb9ee24497f5265a84e18d876b1e4f4
SHA256:	01be1f6d74db8b1f9e73c5f0261e4412dcdc21a6d59b7c07925a4c26cbbc6860
SHA512:	727436b27154586911ad04666b9a49ac653e8779edaaadac9ef49ad66763342ac5959035a883316eaeaf82b062849c445f14b80a1ed4d245f931c87bb63eae12
SSDEEP:	49152:NvXKpAw0aOz/6Kk5S0ijOUVJBvw73m8529hoY:ZXYAw0aM/6r5+jOq/w72888
TLSH:	53D54BA2650561CFC0DE17B8542BCDD6984FC6F98B204AC3AC18A47EBD63CC317B6DA5
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0......7....@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x70c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF12D0101FAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	fa1e1d4a113e84cb3c3317ec969e68e8	False	0.9995487830033003	data	7.980180731502382	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lssjeeuw	0x60000	0x2ab000	0x2ab000	18d4b3b869262d3f3ae6ff79f905704e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lmoyuldp	0x30b000	0x1000	0x600	6eb3c0856d5d06422f86de501d502269	False	0.580078125	data	5.028244516449182	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30c000	0x3000	0x2200	0699ddb25d0d81643373df55ba2cb2e6	False	0.006548713235294118	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-21T14:42:11.434728+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.5	58543	1.1.1.1	53	UDP
2024-10-21T14:42:11.454112+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.5	59767	1.1.1.1	53	UDP
2024-10-21T14:42:11.469975+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.5	49551	1.1.1.1	53	UDP
2024-10-21T14:42:11.481218+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.5	64091	1.1.1.1	53	UDP
2024-10-21T14:42:11.492350+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.5	56499	1.1.1.1	53	UDP
2024-10-21T14:42:11.509870+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.5	60138	1.1.1.1	53	UDP
2024-10-21T14:42:11.524735+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.5	51514	1.1.1.1	53	UDP
2024-10-21T14:42:11.535982+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.5	62396	1.1.1.1	53	UDP
2024-10-21T14:42:12.748147+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	23.50.98.133	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 14:42:11.564003944 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:11.564095020 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:11.564189911 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:11.565448999 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:11.565479994 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.185750961 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.185846090 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.189490080 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.189517021 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.189904928 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.233464956 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.234973907 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.275326014 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748188972 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748207092 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748234987 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748254061 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748276949 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.748286009 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748294115 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748312950 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.748338938 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.748753071 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748797894 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748821974 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.748826981 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.748872042 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.750951052 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.750960112 CEST	443	49704	23.50.98.133	192.168.2.5
Oct 21, 2024 14:42:12.750969887 CEST	49704	443	192.168.2.5	23.50.98.133
Oct 21, 2024 14:42:12.750973940 CEST	443	49704	23.50.98.133	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 14:42:11.434727907 CEST	58543	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.445456982 CEST	53	58543	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.454112053 CEST	59767	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.463582993 CEST	53	59767	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.469974995 CEST	49551	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.479455948 CEST	53	49551	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.481218100 CEST	64091	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.491395950 CEST	53	64091	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.492350101 CEST	56499	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.501754045 CEST	53	56499	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.509870052 CEST	60138	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.519721985 CEST	53	60138	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.524734974 CEST	51514	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.535029888 CEST	53	51514	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.535981894 CEST	62396	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.546924114 CEST	53	62396	1.1.1.1	192.168.2.5
Oct 21, 2024 14:42:11.551016092 CEST	53436	53	192.168.2.5	1.1.1.1
Oct 21, 2024 14:42:11.558922052 CEST	53	53436	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 21, 2024 14:42:11.434727907 CEST	192.168.2.5	1.1.1.1	0xb88c	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.454112053 CEST	192.168.2.5	1.1.1.1	0x91f6	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.469974995 CEST	192.168.2.5	1.1.1.1	0x105	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.481218100 CEST	192.168.2.5	1.1.1.1	0xc5ee	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.492350101 CEST	192.168.2.5	1.1.1.1	0xefe2	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.509870052 CEST	192.168.2.5	1.1.1.1	0x4ea1	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.524734974 CEST	192.168.2.5	1.1.1.1	0xb375	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.535981894 CEST	192.168.2.5	1.1.1.1	0x7aac	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.551016092 CEST	192.168.2.5	1.1.1.1	0x6b9b	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 21, 2024 14:42:11.445456982 CEST	1.1.1.1	192.168.2.5	0xb88c	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.463582993 CEST	1.1.1.1	192.168.2.5	0x91f6	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.479455948 CEST	1.1.1.1	192.168.2.5	0x105	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.491395950 CEST	1.1.1.1	192.168.2.5	0xc5ee	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.501754045 CEST	1.1.1.1	192.168.2.5	0xefe2	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.519721985 CEST	1.1.1.1	192.168.2.5	0x4ea1	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.535029888 CEST	1.1.1.1	192.168.2.5	0xb375	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.546924114 CEST	1.1.1.1	192.168.2.5	0x7aac	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 21, 2024 14:42:11.558922052 CEST	1.1.1.1	192.168.2.5	0x6b9b	No error (0)	steamcommunity.com		23.50.98.133	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	23.50.98.133	443	7044	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-21 12:42:12 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-21 12:42:12 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 21 Oct 2024 12:42:12 GMT Content-Length: 25258 Connection: close Set-Cookie: sessionid=d7c205bdb4e8adcf85223d71; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Ca1f33efcba240eb4313f381c8870b8c8; Path=/; Secure; HttpOnly; SameSite=None
2024-10-21 12:42:12 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-21 12:42:12 UTC	10083	IN	Data Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 62 75 6c 67 61 72 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 62 75 6c 67 61 72 69 61 6e 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e d0 91 d1 8a d0 bb d0 b3 d0 b0 d1 80 d1 81 d0 ba d0 b8 20 28 42 75 6c 67 61 72 69 61 6e 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 63 7a 65 63 68 22 20 6f 6e 63 6c 69 63 Data Ascii: <a class="popup_menu_item tight" href="?l=bulgarian" onclick="ChangeLanguage( 'bulgarian' ); return false;"> (Bulgarian)</a><a class="popup_menu_item tight" href="?l=czech" onclic
2024-10-21 12:42:12 UTC	682	IN	Data Raw: 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 4c 65 67 61 6c 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 73 75 62 73 63 72 69 62 65 72 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 53 74 65 61 6d 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 Data Ascii: s://store.steampowered.com/legal/" target="_blank">Legal</a> \|  <a href="http://store.steampowered.com/subscriber_agreement/" target="_blank">Steam Subscriber Agreement</a>  \|  <a href="http://stor

Target ID:	0
Start time:	08:42:08
Start date:	21/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x440000
File size:	2'967'552 bytes
MD5 hash:	FB40261F71CD9A4F8F97FE59351136F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	66.7%
Total number of Nodes:	36
Total number of Limit Nodes:	4

Executed Functions

Function 0044FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 0044FEDC
VY^_, xrefs: 0044FDFF
t, xrefs: 0044FCBE
J|BJ, xrefs: 0045000D

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: f25abbce215b86f7402e41d3889b118a31949607109eb1564e6ba94af8fb212f
Instruction ID: f81522452a972a82125c76d9723a8f1b2a2479e29bdd2a8aef0c75f7a1229ce4
Opcode Fuzzy Hash: f25abbce215b86f7402e41d3889b118a31949607109eb1564e6ba94af8fb212f
Instruction Fuzzy Hash: 37D169745083809BD310DF14959061FBBE1AB96B49F14882EF8C98B352D33ACD49DB9B

Function 0044D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0044D2F0

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 59ed0110d0c287822717d81794b51ed26575ec7863bc478e8fe09d5a9f94ec91
Instruction ID: db5155034394903cb43eda17dee949fd77d6bc3868a42b8e47b1f8c803c3faa6
Opcode Fuzzy Hash: 59ed0110d0c287822717d81794b51ed26575ec7863bc478e8fe09d5a9f94ec91
Instruction Fuzzy Hash: AE41587090D340ABE701BF65D684A2EFBF5AF52709F048C5EE9C497252C339D8148B6B

Function 00485BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0048973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00485BDE

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 0048695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 004869C5

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 785aba0ebc2610d3c82ea7c98d36e81e2544fedf456b053830e5146e6a930e20
Instruction ID: ec22a2804d4bb6cdafa372825e2513c9b5cc557af67873bb8f1db2da000e4fb0
Opcode Fuzzy Hash: 785aba0ebc2610d3c82ea7c98d36e81e2544fedf456b053830e5146e6a930e20
Instruction Fuzzy Hash: A33187B15183018FD758EF18D8A0B2FB7E1EF96344F148C2EE5C6972A1E3399904CB5A

Function 0045049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348bb549e6971023341dd1e952892dc677b0304015751e25e4decf3be466ea9b
Instruction ID: f10c3442db45a7c0af61c29d77e7495d1c082623321d612738fb5a4a4f871e59
Opcode Fuzzy Hash: 348bb549e6971023341dd1e952892dc677b0304015751e25e4decf3be466ea9b
Instruction Fuzzy Hash: EC918C75200B00DFD324CF25D894A1AB7F6FF8A315F118A7DE8568BA62D734E819CB54

Function 00450228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6365df4f0b2197ea5a76ffcbb13180dcdb6a24724fd0989d54bbc230f2d7ced8
Instruction ID: 1a65676a3c6346dab9b476d1a85d4f0dfaccc2ac12aeb9943168d7b7b560eab4
Opcode Fuzzy Hash: 6365df4f0b2197ea5a76ffcbb13180dcdb6a24724fd0989d54bbc230f2d7ced8
Instruction Fuzzy Hash: 54717A74200701DFD7248F21EC94B1AB7F6FF8A315F1089BDE8468B662D735A819CB64

Function 004899D0 Relevance: .1, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16a05c34282905e640e3d15bffa241c2a87cc97c2909848f6e899c847a4e195
Instruction ID: e5123befc45f207debc5a281ffbab149651b7a26ad0adf9bf8052fb4d47f3816
Opcode Fuzzy Hash: d16a05c34282905e640e3d15bffa241c2a87cc97c2909848f6e899c847a4e195
Instruction Fuzzy Hash: BE41A034208740ABD718AA55E890B3FB7E5EB85714F288C2EF58A97351D339EC01CB5A

Function 004863B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cf356634ef3c07b6b072d363b0024d59b64817ffe9610e4076ec3fa3e876cc98
Instruction ID: 523f4f2b84f71ad28bcec5612d5d21e10b399988073dde805b834e762ed9925f
Opcode Fuzzy Hash: cf356634ef3c07b6b072d363b0024d59b64817ffe9610e4076ec3fa3e876cc98
Instruction Fuzzy Hash: D1312270209301BAD624EB04CD82F3FB3A1EB91B15F64892DF5816B2E1C374A8118B1E

Function 00450EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3b33db6ca6c8c12b15ed99ffbe1e6d1f8dde0e85ef74d3a2955ffab1f2da28
Instruction ID: e9e3346abe86b34e054de43ca690a05b70a34b4562c4c316b14b0ec24c9942f9
Opcode Fuzzy Hash: 8d3b33db6ca6c8c12b15ed99ffbe1e6d1f8dde0e85ef74d3a2955ffab1f2da28
Instruction Fuzzy Hash: D0213DB590021A9FDB15CF94CC90BBEBBB1FF4A305F144819E811BB392C775A915CB68

Function 00483220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 004832A6

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 25623f58763ac0804f506631c6d9540a752f83f886896e86e0af18a5897a1d5f
Instruction ID: f2fde4a3e896ede08021242dc5afadc7f6dd9aa15f8e678433a86e080588f689
Opcode Fuzzy Hash: 25623f58763ac0804f506631c6d9540a752f83f886896e86e0af18a5897a1d5f
Instruction Fuzzy Hash: 3601AD3050D2409BC300EF18E884A1EBBE8EF5AB01F054C6DE4C48B321D339DC20CB96

Function 00483202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00483208

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 318229603b49c03ab5f50351843432008f70fcdf03ab3c7046e0172872497f76
Instruction ID: 53a62e61615485a7a75e542e93899102a8629b23c2918c1f7a59bf0235011cd1
Opcode Fuzzy Hash: 318229603b49c03ab5f50351843432008f70fcdf03ab3c7046e0172872497f76
Instruction Fuzzy Hash: AFB012304400005FDA041B00FC0AF003510EB10605F8000B0A100040B1D1615864C558

Non-executed Functions

Function 0045DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

mjkh, xrefs: 0045E7D8
DCBA, xrefs: 0045E887, 0045E896
xgfe, xrefs: 0045E71D
()./, xrefs: 0045E9CA
|, xrefs: 0045ECB1
`Y^_, xrefs: 0045E99E
lkji, xrefs: 0045E73E
dcba, xrefs: 0045E728
QNOL, xrefs: 0045E775
89>?, xrefs: 0045E9F6
tsrq, xrefs: 0045E6FC
tuJK, xrefs: 0045E967
:WUE, xrefs: 0045F6B7, 0045F6C6
%*+(, xrefs: 0045DE37, 0045DE46
`onm, xrefs: 0045E733
LKJI, xrefs: 0045E6E6
D, xrefs: 0045E846
@ONM, xrefs: 0045E6DB
89&', xrefs: 0045E93B
AR, xrefs: 0045DD10
WP, xrefs: 0045DCEF
<=2, xrefs: 0045EA01
<=:;, xrefs: 0045E930
T, xrefs: 0045F157

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 5139b68c5cbed472deaae58be91ebbaa405d364c0294ebd91460e2242c215c7d
Instruction ID: fb4c0383cdaee1d302dd490c8d5007336349a133488287aacd1d5d3ed8ba3ff0
Opcode Fuzzy Hash: 5139b68c5cbed472deaae58be91ebbaa405d364c0294ebd91460e2242c215c7d
Instruction Fuzzy Hash: 71F278B05083819BD774CF15C484BABBBE2AFD5305F14482EE8C98B252E7399989CB57

Function 004723E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

fedc, xrefs: 00472782
|}&C, xrefs: 00472F21
mlc@, xrefs: 0047275C
aenQ, xrefs: 0047276A
{l`~, xrefs: 0047268C
`tii, xrefs: 00472693
%*+(, xrefs: 004740EF
3<, xrefs: 004732D6
ggxz, xrefs: 00472685
f@~!, xrefs: 004725FF
:, xrefs: 004732DD
Cx, xrefs: 0047453D

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: ce3bd3d96bcfe1f0b03884fb2ddd6670ef4a9534e6e4f342561f10d1f6140c40
Instruction ID: 6139968981ba8f75d1d12c4f33698088bfcf4e1fecb039f24e4ff79c3b223c22
Opcode Fuzzy Hash: ce3bd3d96bcfe1f0b03884fb2ddd6670ef4a9534e6e4f342561f10d1f6140c40
Instruction Fuzzy Hash: EF33CD70104B818FD7258F39C5907A3BBE1BF56305F58899ED4DA8B782C739E806CBA5

Function 00469F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

WQ, xrefs: 0046A62B
/), xrefs: 0046A66D
]{, xrefs: 0046A1E7, 0046A1F3
sm, xrefs: 0046A830
Gt, xrefs: 00469FF8
_Y, xrefs: 0046A641
?m,o, xrefs: 0046A13C
CG, xrefs: 0046AA32
N[, xrefs: 0046A375
WH, xrefs: 0046AA1C
%e6g, xrefs: 0046A152
kW, xrefs: 0046A380
JG, xrefs: 0046AA27
=], xrefs: 0046A36A
hi, xrefs: 0046AB9D
S], xrefs: 0046A636
(a*c, xrefs: 0046A147

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 15547c79284a2e642160c1e3cb66ebb8115d3ae47ba25f62066ee8f6c062bd8c
Instruction ID: 50c3fdd229caf8c467b4261c582c4cf47f5b467f598808634258995f85cc784d
Opcode Fuzzy Hash: 15547c79284a2e642160c1e3cb66ebb8115d3ae47ba25f62066ee8f6c062bd8c
Instruction Fuzzy Hash: 1052C6B400D3858AE270CF26D581B8EBAF1BB92744F608E1EE1ED9B255DB748045CF97

Function 00469510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

?M0K, xrefs: 00469968
X/R), xrefs: 00469AEB
z=Q?, xrefs: 00469826
!E4G, xrefs: 00469836
L3Y=, xrefs: 00469B03
8;, xrefs: 00469B13
T#a-, xrefs: 00469AE3
G+X5, xrefs: 00469AF3
;IJK, xrefs: 0046983E
,A&C, xrefs: 0046982E
pq, xrefs: 004699E0
G'M!, xrefs: 00469ADB
B7U1, xrefs: 00469AFB
O+f), xrefs: 00469634, 0046963D
2A"_, xrefs: 00469980
B?Q9, xrefs: 00469B0B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 5171a20dde13e5125c9347e3ec9b626ed10b39484a461d58b0d98064dc57acf7
Instruction ID: e780e19b5853053a50d8053d18d34ed9f325b5751cc76e96e620b827211ebbbd
Opcode Fuzzy Hash: 5171a20dde13e5125c9347e3ec9b626ed10b39484a461d58b0d98064dc57acf7
Instruction Fuzzy Hash: 7FF130B0508380ABD310DF55D880A2BBBE8FB96748F144D1DF4D59B251E378D908CB9B

Function 0046DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0046E143
,Q?S, xrefs: 0046E26F
F, xrefs: 0046E403, 0046E664, 0046E7BD
rF, xrefs: 0046E92E
-M2O, xrefs: 0046E25A
n\+H, xrefs: 0046DDC0
<Y.[, xrefs: 0046E27D
F, xrefs: 0046E9C5
upH}, xrefs: 0046DE8A, 0046E798, 0046DF4A
{E, xrefs: 0046E323
)IgK, xrefs: 0046E261
=]+_, xrefs: 0046E276
Y9N;, xrefs: 0046E245
hX]N, xrefs: 0046DDC7

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: F$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rF$upH}${E$F
API String ID: 0-7631931
Opcode ID: d5b5bea9d29c8fcdcc6a2c2a4d5b7fd9b27f7604b7fb836ea1d4e456bb1f51c2
Instruction ID: 2ca5e555d1c7071159f11e4c40486d82c74d2f5c53d3ae578c1a86ad4c105b18
Opcode Fuzzy Hash: d5b5bea9d29c8fcdcc6a2c2a4d5b7fd9b27f7604b7fb836ea1d4e456bb1f51c2
Instruction Fuzzy Hash: 7D921475E00205CFDB04CFA9D8816AEBBF2FF59314F28816AD416AB3A1D735AD01CB95

Function 00609552 Relevance: 12.9, Strings: 9, Instructions: 1644COMMON

Download Yara Rule

Strings

r&}T, xrefs: 0060A56F
{}{, xrefs: 0060A6E4
yk87, xrefs: 00609EAC
{j, xrefs: 00609ABB
b]@k, xrefs: 0060A1F1
{, xrefs: 0060A0FF
9>O, xrefs: 0060A1B6
>r}>, xrefs: 006097EF
R)wO, xrefs: 00609821

Memory Dump Source

Source File: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: {$>r}>$R)wO$b]@k$r&}T$yk87${}{$9>O${j
API String ID: 0-3843037509
Opcode ID: a1ab00e9bab81e5e36759d0893be4bac660a607b17671955a6c03ed7bd6b93b9
Instruction ID: f0cf87f9817f0c64e4d950b41d84ff1cfb23755d9bf8486a98cd8de20bbb0866
Opcode Fuzzy Hash: a1ab00e9bab81e5e36759d0893be4bac660a607b17671955a6c03ed7bd6b93b9
Instruction Fuzzy Hash: CEB2F4F3A0C2109FE3046E2DEC8567AFBE5EF94720F16493DEAC493744EA7558048796

Function 0060B07E Relevance: 11.6, Strings: 8, Instructions: 1638COMMON

Download Yara Rule

Strings

`hw, xrefs: 0060BEE5
{&'G, xrefs: 0060B9F0
lP~?, xrefs: 0060B7F6
PU?, xrefs: 0060C106
20N, xrefs: 0060B900
#w~g, xrefs: 0060BA30
Zwc{, xrefs: 0060B2B8
Z, xrefs: 0060B79E

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: #w~g$20N$PU?$Zwc{$`hw$lP~?${&'G$Z
API String ID: 0-1838337507
Opcode ID: beb794c964aadb003839f95d688048bac6db0a00c4611968cb9db40ae40d840f
Instruction ID: 497d163ca1f9f928bd156e00c55554b330894415c88011894ef9b15944213d28
Opcode Fuzzy Hash: beb794c964aadb003839f95d688048bac6db0a00c4611968cb9db40ae40d840f
Instruction Fuzzy Hash: 43B208F3A0C2109FE304AE2DEC8567ABBE5EF94720F1A453DEAC5C3744E93598058697

Function 0046098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

9.5^, xrefs: 00460F9F
%*+(, xrefs: 00460A77, 00460A86
cah`, xrefs: 0046107E
{, xrefs: 00461502
gce/, xrefs: 00461073
&> &, xrefs: 00460F89
qrqp, xrefs: 00461089
,#15, xrefs: 00460F94

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: d69eaec5a3edb51b4610f66fd352fe78376b108caa472fc3425c98fe51a5bb8b
Instruction ID: 2817f9279ff4c9714f2d32b11d7f97558dc3512b268d5e9ce220a9589840c500
Opcode Fuzzy Hash: d69eaec5a3edb51b4610f66fd352fe78376b108caa472fc3425c98fe51a5bb8b
Instruction Fuzzy Hash: 056298B16083818FD730CF14D891BABB7E1FF96318F08492EE49A8B651E7799940CB57

Function 00441000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 0044157D, 004415EB
gfff, xrefs: 00442297
0123456789abcdefxp, xrefs: 00441587, 004415F8
-, xrefs: 004421ED
@, xrefs: 00442C40
gfff, xrefs: 00442226
gfff, xrefs: 004422E1

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 8231c2f5c7f97d2a61a2836912b6c2a5a3b8c16425b5b06dfacb021fe29d484b
Instruction ID: c5e157be5f73782faa50c7592bd2ee5cd57a56fcae40574a2d4cf7301763ccaa
Opcode Fuzzy Hash: 8231c2f5c7f97d2a61a2836912b6c2a5a3b8c16425b5b06dfacb021fe29d484b
Instruction Fuzzy Hash: 7DD203716083418FE718CE29C49436BBBE2AFD9314F188A2EF499C7391D778D945CB86

Function 006101C5 Relevance: 10.4, Strings: 7, Instructions: 1608COMMON

Download Yara Rule

Strings

h], xrefs: 0061132D
@7{, xrefs: 00610513
wge, xrefs: 0061036E
@y_, xrefs: 0061031D
h], xrefs: 0061133A
"={}, xrefs: 006111AF
]Qe, xrefs: 00610A54

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: "={}$@y_$wge$@7{$]Qe$h]$h]
API String ID: 0-4111876572
Opcode ID: 3b9ecce46da9098e3978c600418be9d0140faa81f17720040e07b2c6d76efa3b
Instruction ID: a48b47a1ec4efc10f920e773299efcab5228080586a210956c52dbac60aa9384
Opcode Fuzzy Hash: 3b9ecce46da9098e3978c600418be9d0140faa81f17720040e07b2c6d76efa3b
Instruction Fuzzy Hash: 57B20AF360C200AFE304AE2DEC8567ABBE9EFD4720F1A453DE6C4C7744E63598458692

Function 00616D4F Relevance: 9.2, Strings: 6, Instructions: 1669COMMON

Download Yara Rule

Strings

5}{[, xrefs: 00617D8E
JK~+, xrefs: 00617F5E
zN|{, xrefs: 00617042
>1~v, xrefs: 00617854
6Ak>, xrefs: 00617E21
7Ak>, xrefs: 00617E26

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 5}{[$6Ak>$7Ak>$>1~v$JK~+$zN|{
API String ID: 0-1482026452
Opcode ID: 7af0664f0dc2cdd1093febd8730982e52aa1b260fdc059c3acc8902db36b19c3
Instruction ID: 65b527eb6576b6f94db0f000f2fdbb9eff7df367165e553d69b3ac1f1148cabc
Opcode Fuzzy Hash: 7af0664f0dc2cdd1093febd8730982e52aa1b260fdc059c3acc8902db36b19c3
Instruction Fuzzy Hash: CCB226F390C2149FE3046E2DEC8567AFBE9EF94720F1A493DEAC4C3744E63598058696

Function 00611C01 Relevance: 9.1, Strings: 6, Instructions: 1606COMMON

Download Yara Rule

Strings

S_7{, xrefs: 0061225F
&pw, xrefs: 006126CF
i7Y, xrefs: 00612E5A
u#}?, xrefs: 0061232D
hSo, xrefs: 006128FE
.G, xrefs: 00611EB7

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: &pw$.G$S_7{$i7Y$u#}?$hSo
API String ID: 0-750264754
Opcode ID: ec41644a1a04eebe5aadfd606d7472b42fc16c6aa7d85fbda261664466738f0e
Instruction ID: d5f15e64ef24a8af11a473a6e16f7850c32b9ab7d8459b53f78bf24fed826c09
Opcode Fuzzy Hash: ec41644a1a04eebe5aadfd606d7472b42fc16c6aa7d85fbda261664466738f0e
Instruction Fuzzy Hash: 2EB238F3A08204AFD3046E2DEC8567AFBE9EF94320F1A453DEAC4D7744E63598058697

Function 0060CAAA Relevance: 7.9, Strings: 5, Instructions: 1659COMMON

Download Yara Rule

Strings

Fo>, xrefs: 0060DB78
[, xrefs: 0060D20F
Tj5}, xrefs: 0060DADD
'Ljj, xrefs: 0060D5F2
.5, xrefs: 0060CC35

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 'Ljj$.5$Fo>$Tj5}$[
API String ID: 0-4189075828
Opcode ID: 12805a8e9c0759aba0377f712d03afa301723a8fb741c4d86d0e6bebe9d24ab3
Instruction ID: a71bee7cb0cd046848e0f27fb0b21a7ab9b32167cd4583b873f1b364faa066d4
Opcode Fuzzy Hash: 12805a8e9c0759aba0377f712d03afa301723a8fb741c4d86d0e6bebe9d24ab3
Instruction Fuzzy Hash: C5B2F7F360C2049FE3046E2DEC8577ABBE5EF94760F1A493DEAC4C3744EA3598058696

Function 004412F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 004428EA
0, xrefs: 00441DC1
0, xrefs: 0044243E
0, xrefs: 00441E88
@, xrefs: 00443531

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 5b6c980af3364c2e15d2b4d8bb4087ac886b898efcd878b65e12e51d567354e9
Instruction ID: 293c462a1938e78bd78cd0275e709db144fc63d6943ce83dee4840ed0fb9b796
Opcode Fuzzy Hash: 5b6c980af3364c2e15d2b4d8bb4087ac886b898efcd878b65e12e51d567354e9
Instruction Fuzzy Hash: A562E27160C3819BE318CE28C59036BBBE1AFD5344F588A1EF8D987391D7B8D945CB46

Function 0044164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 0044164F
gfff, xrefs: 00441F3C
0123456789abcdefxp, xrefs: 00441659
+, xrefs: 00441573
gfff, xrefs: 00441F57

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: f494a460fda5cf3c65e5be677c0499073e461872161782b5d7af2df4bbb3412b
Instruction ID: c90b7b1610e5cf5e3ca462560d6447703681d83da1ea192c9f0d9dd8db395ac1
Opcode Fuzzy Hash: f494a460fda5cf3c65e5be677c0499073e461872161782b5d7af2df4bbb3412b
Instruction Fuzzy Hash: C3F1D23060C3818FD715CE28C58026AFBE2AFD9304F588A6EF4C987352C778D949CB96

Function 004413A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 004413A3
-, xrefs: 00441F23
gfff, xrefs: 00441F3C
0123456789abcdefxp, xrefs: 004413AD
gfff, xrefs: 00441F57

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: a008d08052e68b309b11569ddcac168a42252085f10d99c6a3710cc37da2273a
Instruction ID: 1ae9970e4a98e3207dc1d70771313ca1ebbd0ee0d65919883ef56b3b0bd1e0e9
Opcode Fuzzy Hash: a008d08052e68b309b11569ddcac168a42252085f10d99c6a3710cc37da2273a
Instruction Fuzzy Hash: 51D1B03160C7818FD715CE29C58026AFFE2AFD9308F08CA6EE4D987356D678D949CB52

Function 0060E5DC Relevance: 6.6, Strings: 4, Instructions: 1599COMMON

Download Yara Rule

Strings

[K%p, xrefs: 0060E8FB
Lzk7, xrefs: 0060E79A
bU, xrefs: 0060EF14
,/oW, xrefs: 0060E939

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: ,/oW$Lzk7$[K%p$bU
API String ID: 0-1378208136
Opcode ID: c4b48263deea6146a932e0a1e3310e3b24c50b2def888f9c755dd5b1a3fab099
Instruction ID: ff4f23869e05b7434eeaabaee8178dd686840598ff4d476d09cf90ea27ce5d47
Opcode Fuzzy Hash: c4b48263deea6146a932e0a1e3310e3b24c50b2def888f9c755dd5b1a3fab099
Instruction Fuzzy Hash: 2CB2F3F360C204AFE3046E29EC8567AFBE9EF94720F1A893DE6C4C3744E63558458697

Function 00621038 Relevance: 6.5, Strings: 4, Instructions: 1455COMMON

Download Yara Rule

Strings

w]{, xrefs: 00621FD9
yww|, xrefs: 006221DE
bk|, xrefs: 006221AF
$w]}, xrefs: 00621503

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: $w]}$bk|$yww|$w]{
API String ID: 0-607232157
Opcode ID: b62064f47620d6ffac0a29f420956fca0fa76d556e2c838e280997e1cf374aeb
Instruction ID: 697dea69ea376012e4ac4f2ac53d38b735eedb285bb96898b6777244e8fd8bbf
Opcode Fuzzy Hash: b62064f47620d6ffac0a29f420956fca0fa76d556e2c838e280997e1cf374aeb
Instruction Fuzzy Hash: E1A209F3A0C6049FE3046E2DEC8567AB7E9EF94720F1A493DEAC4C7344E97598058693

Function 0046FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

:, xrefs: 00470087
m1s3, xrefs: 0046FEC3, 0046FECB
uvw, xrefs: 0046FE95
NA_I, xrefs: 0047036D

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: cb2518d27c196d8909a10a2c2157cda52ec1ba614d19c5061b51e5436659085f
Instruction ID: 4dce7bef7423896eafa8a3c19a8330b1ecf4af3d014d7512427bd57c4eb71067
Opcode Fuzzy Hash: cb2518d27c196d8909a10a2c2157cda52ec1ba614d19c5061b51e5436659085f
Instruction Fuzzy Hash: 3132DCB0509381DFD300DF29D880A6BBBE1AB96314F148D6EF5D58B362D339D905CB5A

Function 006188DF Relevance: 5.4, Strings: 3, Instructions: 1699COMMON

Download Yara Rule

Strings

N.u{, xrefs: 006194B8
r_m, xrefs: 0061950F
`MEy, xrefs: 00618A85

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: N.u{$`MEy$r_m
API String ID: 0-3801533190
Opcode ID: f29a89e2073257dbd240698821576465938a4dd94ec9155c0138450df0ff157f
Instruction ID: 593d416b4fc0b2d4314ad19bf0ba3e1932172ed40106887346744daabcb18fae
Opcode Fuzzy Hash: f29a89e2073257dbd240698821576465938a4dd94ec9155c0138450df0ff157f
Instruction Fuzzy Hash: EBB218F36082149FE304AE2DEC8567BBBD9EF94760F1A4A3DEAC4C3744E63558018796

Function 00453BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 00453C80
;z, xrefs: 00453C87
ss, xrefs: 00453C79
%*+(, xrefs: 00453EC4

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 94f8841f61cfcaa176b90f09ac01b55460c7e407bc57c0f466f739ee592436eb
Instruction ID: bab3590f2fb8d23a89d5824eae840c58c6d08ab40aed059bded33d90d97d8d01
Opcode Fuzzy Hash: 94f8841f61cfcaa176b90f09ac01b55460c7e407bc57c0f466f739ee592436eb
Instruction Fuzzy Hash: 36026CB4810B00AFD760EF25D986757BFF0FB01305F50495DE89A8B686E334A419CFA6

Function 00462260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

a|, xrefs: 00462317
lc, xrefs: 00462507
hu, xrefs: 0046232F
sj, xrefs: 00462327

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: cf8266a5b40ec99c654627aa37fac3d06443191d0adf4d5827d1e138eac8b933
Instruction ID: d18d4c6050a25bf5156e4ef3cb7ca1e8c5f8a677ebfad4a964d3365ab496a348
Opcode Fuzzy Hash: cf8266a5b40ec99c654627aa37fac3d06443191d0adf4d5827d1e138eac8b933
Instruction Fuzzy Hash: 0EA178B04083419BC7209F18C891A2BB7F0FF96354F188A0EE8D59B391E779D941CB9B

Function 0061F35E Relevance: 5.4, Strings: 3, Instructions: 1605COMMON

Download Yara Rule

Strings

<=, xrefs: 006200D7
b;, xrefs: 0062062C
3B]N, xrefs: 0061F6CB

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 3B]N$<=$b;
API String ID: 0-2944958083
Opcode ID: 4939e73e78a17725ea28e1168bbdad5bb9fb33166c1206ae683348cc2f345e2c
Instruction ID: be33a44222c0776a3998b235fc5e5744182a6eb04cabf642be42c98c6f365490
Opcode Fuzzy Hash: 4939e73e78a17725ea28e1168bbdad5bb9fb33166c1206ae683348cc2f345e2c
Instruction Fuzzy Hash: 85B205F3A0C200AFE3046E29EC8567AFBE5EF94720F16493DEAC487744E63558458797

Function 0046D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 0046D98B
#', xrefs: 0046D9EA
KV, xrefs: 0046D97D
T>, xrefs: 0046D984

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 40cc4c6b9e9b07e7366d93c5c6c3848f7738d5518d0f2fa07d91de9468cf8af0
Instruction ID: 3fa90d711862a8321ccb290f7bb6d2c374d391dd0f428a7d506e99653f83d7e5
Opcode Fuzzy Hash: 40cc4c6b9e9b07e7366d93c5c6c3848f7738d5518d0f2fa07d91de9468cf8af0
Instruction Fuzzy Hash: 928164F4C01B459BCB20DF96D28515EBFB1BF12300F60460DE486ABA55D334AA55CBE7

Function 0046AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

,{*y, xrefs: 0046AD07, 0046AD13
lk, xrefs: 0046ACBC
(g6e, xrefs: 0046ACA1
4c2a, xrefs: 0046ACA9

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 47a574a41a1f44e960e206603371e05a0ed180475569ee008734a605178303b2
Instruction ID: c5efaefb762ef010663799be996c397a6e67471c7aae62552894d1ad8453e5a5
Opcode Fuzzy Hash: 47a574a41a1f44e960e206603371e05a0ed180475569ee008734a605178303b2
Instruction Fuzzy Hash: 5A416674408382CAD7209F20D900BABB7F4FF86345F54596EE5C8A7260EB36D944CB9B

Function 0046C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 0046C537
%*+(, xrefs: 0046C9E4, 0046C9ED
%*+(, xrefs: 0046C8C3, 0046C8CB

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: a5cf56b580b0a6067a5b35440bcd3cd62fd947c589e930c9332e69b16a341952
Instruction ID: 9b8ace5b4c0ccdc77093608e9997c9c5e5d1d975ecee40f6e51862f276e1f230
Opcode Fuzzy Hash: a5cf56b580b0a6067a5b35440bcd3cd62fd947c589e930c9332e69b16a341952
Instruction Fuzzy Hash: A0E197B1908341DFE3209F65D881B2BBBE5FB95344F48882EE5C987261E739D814CB97

Function 0061A47B Relevance: 4.2, Strings: 2, Instructions: 1665COMMON

Download Yara Rule

Strings

UXU7, xrefs: 0061AC10
{, xrefs: 0061AB6B

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: UXU7${
API String ID: 0-8952438
Opcode ID: b5c9c0cb70ca7018780f3819e40f4f78aa913f7dc9681a0f49b344b66bf0f0e4
Instruction ID: 471f1f843f2289041581b6f0c63631e6244f21a41893b787c8fd443e33da35dc
Opcode Fuzzy Hash: b5c9c0cb70ca7018780f3819e40f4f78aa913f7dc9681a0f49b344b66bf0f0e4
Instruction Fuzzy Hash: 8FB218F3A0C2149FE3046E2DEC85A7AFBE9EF94360F16453DEAC4C7744EA3558018696

Function 0061D7E5 Relevance: 4.2, Strings: 2, Instructions: 1660COMMON

Download Yara Rule

Strings

X8>W, xrefs: 0061DE7F
\8>W, xrefs: 0061DE79

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: X8>W$\8>W
API String ID: 0-3142847380
Opcode ID: 78c33df7c6bb7fa27cbb4183f1c1f23a54d1a800a328fe0fd284ed0c60fc2852
Instruction ID: 0ad1c7956103a920cf448d7a96292e36acff6ef90d9d5fd6cc4ecce7203b4476
Opcode Fuzzy Hash: 78c33df7c6bb7fa27cbb4183f1c1f23a54d1a800a328fe0fd284ed0c60fc2852
Instruction Fuzzy Hash: 73B228F3A0C2049FE304AE2DEC8567ABBE9EF94720F1A463DE6C4C7744E63558058796

Function 00448590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00448616
), xrefs: 0044860C
IEND, xrefs: 004489F0

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 465fd1fd4daad80287a94337f744c9a74b3dd1106e17bc71910b35ddda25f72e
Instruction ID: 167373c66aa3bf972659606080c3356f772a729961ffc733346ec0f829a128a8
Opcode Fuzzy Hash: 465fd1fd4daad80287a94337f744c9a74b3dd1106e17bc71910b35ddda25f72e
Instruction Fuzzy Hash: CFE1D1B1A087019FE310DF29C88172FBBE0BB94318F14492EE99597391DB79E915CBC6

Function 006143C1 Relevance: 3.1, Strings: 2, Instructions: 587COMMON

Download Yara Rule

Strings

Pj^}, xrefs: 006145E9
g3^, xrefs: 00614594

Memory Dump Source

Source File: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: Pj^}$g3^
API String ID: 0-220021418
Opcode ID: d0e652962b6b6da6bc87550eca0d9be51abfe1648dc94a2e5f0de09ee383e0d0
Instruction ID: 3d5bb237636eee57c4279dac25dda58caf82670bb84e76249c0bda46461e4b3f
Opcode Fuzzy Hash: d0e652962b6b6da6bc87550eca0d9be51abfe1648dc94a2e5f0de09ee383e0d0
Instruction Fuzzy Hash: FC12A0B250C7049FE3047F29EC8566AFBE5EF94720F1A892DE6C483740EA7558518B87

Function 00484040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 0048420C
%*+(, xrefs: 004840A4, 004840AD

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: c8ed82e1eae0c2ca928cb7772e0479bbf55a165f6ad9c7dc38b39a2ecb611ea7
Instruction ID: bc7c91c1e2c24e5dcb52cc875c8bed61c134f0b91c960fb47a50b0cd1d94ba37
Opcode Fuzzy Hash: c8ed82e1eae0c2ca928cb7772e0479bbf55a165f6ad9c7dc38b39a2ecb611ea7
Instruction Fuzzy Hash: F612AC716083429FC715EF18C880B2FBBE2BBC9314F188E6EE49497391D739D9458B96

Function 0047F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 0047F6E6
dg, xrefs: 0047F7F5

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 38c7dbd373c5312683f7319166c8dca540142f8e496d5a5bd683f7711342bdde
Instruction ID: 72fc12e9c14691e9c50ebed35830f12dbf2c96a01c502dccdce6566f89eb4c54
Opcode Fuzzy Hash: 38c7dbd373c5312683f7319166c8dca540142f8e496d5a5bd683f7711342bdde
Instruction Fuzzy Hash: E7F19771618341EFE304CF24C890B6ABBE5FB96344F14892EF1898B2A1C738D845CB5A

Function 004435B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 0044360E
Inf, xrefs: 00443607

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 4852df247c2dd34f4cb27c347de05fa05b3335cc1472b9d4f76dd852cdf012e9
Instruction ID: fcb3d35fc744a1ebfb42cda214acffdafeadd9d9c144d9d681fcda8c06b201c0
Opcode Fuzzy Hash: 4852df247c2dd34f4cb27c347de05fa05b3335cc1472b9d4f76dd852cdf012e9
Instruction Fuzzy Hash: F7D106B1A083119BD704CF28C88061FF7E1EBC8B51F15892EF89997390E779DD058B86

Function 00536E1E Relevance: 2.7, Strings: 2, Instructions: 190COMMON

Download Yara Rule

Strings

W;", xrefs: 0053700D
d;K, xrefs: 00536FF6

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: W;"$d;K
API String ID: 0-3069714104
Opcode ID: 9eae7cd70e64692e9ae5d42b2824fb58b5b75052e7f1535ec7c219af97035145
Instruction ID: ccb2d0dd5126b7ef73fa1e12c64eca2ef4308c716fd1cddead57f0f641ac6429
Opcode Fuzzy Hash: 9eae7cd70e64692e9ae5d42b2824fb58b5b75052e7f1535ec7c219af97035145
Instruction Fuzzy Hash: C051D3F3A082009FE7046E19EC4176AF7EAEF94320F1B493DEAD4C7780E93958448686

Function 0045FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00460197
Ye[g, xrefs: 004600F6

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: b990ec9d187d4ee6809f9da37d2250eb78742b180f932428009f4895020b8748
Instruction ID: e6900a9402dc0ad181a1d29bd5ad2f15079e19ce8bdc52418389dfa4e5088c19
Opcode Fuzzy Hash: b990ec9d187d4ee6809f9da37d2250eb78742b180f932428009f4895020b8748
Instruction Fuzzy Hash: 5451AAB16083818BD731CF14C881BABB7E0FF96324F19491EE49A9B651F3789940CB5B

Function 00445160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 004454C8

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 385304c122a3b75d1fd9cfefcf488d7572008c355e15eaf54da223e01a6546a0
Instruction ID: 86159c7c1dd8fedb018e9513aee183f63bb7070ce5efe5be664fc6de5705cd64
Opcode Fuzzy Hash: 385304c122a3b75d1fd9cfefcf488d7572008c355e15eaf54da223e01a6546a0
Instruction Fuzzy Hash: 1222C3B6A08B428BFF158E18D54032BBBA2AFE1304F19856FD8594B343E779DC05C74A

Function 004712D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 004715D1

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 0ac8cc40f2f1259d99bce04860f463671f315febcdaa8b0d8787af2a637f4d08
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 89F14671A083415BC724CE2DC4906ABBBE5AFC1354F1CC96EE89E873A2D638DD058796

Function 0046AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0046B2D3, 0046B2DB

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 3266e4e1f8e9056cc50c90082421a0a1b9b94f8664cd071e1e6e348574106248
Instruction ID: 33a8948af88b74d64bafbed73e0c3e97af3be8329375f19f24676b953570264c
Opcode Fuzzy Hash: 3266e4e1f8e9056cc50c90082421a0a1b9b94f8664cd071e1e6e348574106248
Instruction Fuzzy Hash: E5E19A71508306DBC714DF28C49056BB7E2FFA9781F54892EE8C587320E339A995CB8B

Function 00456EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00456EF3

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 6d2434b204701cf0fc4efba5c5e244581c3691d44a42600dc997a281e6d3461b
Instruction ID: 85cc3afb6f651f42ee9281c87f1dc6922e57fe2e7365d1a86cb0e446ee0f3b7e
Opcode Fuzzy Hash: 6d2434b204701cf0fc4efba5c5e244581c3691d44a42600dc997a281e6d3461b
Instruction Fuzzy Hash: 4BF1BFB5A006018FD724DF24D881A26B3F2FF49315B55893ED88787792EB38F919CB49

Function 00467E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00468263, 0046826B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 3a8eed7ebdffdda7411349faffa165387b41683ba2c400fa946f6f2db6c18a81
Instruction ID: 5c0b165fc5aa10d25ff865037f8ab12078392534c0e6b0a3fb387b346509bfef
Opcode Fuzzy Hash: 3a8eed7ebdffdda7411349faffa165387b41683ba2c400fa946f6f2db6c18a81
Instruction Fuzzy Hash: D7C1BFB1508200ABD710AB14C881A2BB7F5EF96758F08491EF8C597351F739DD15CBAB

Function 00468D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00469233, 0046923B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f3149b8e2fa9bc24ea7e5bad5eb8658fe83ff2bdec574c86311ebeece13dc93c
Instruction ID: 8316d23c9c70412975468a3dee3bb68509b10a02b818edadb751ddcb80a574df
Opcode Fuzzy Hash: f3149b8e2fa9bc24ea7e5bad5eb8658fe83ff2bdec574c86311ebeece13dc93c
Instruction Fuzzy Hash: 51D1EC70608302DFD708DF68D890A2AB7E5FF99304F09497EE88687391E739E910CB56

Function 00454487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON

Download Yara Rule

Strings

BIE, xrefs: 0045485E

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: BIE
API String ID: 0-2874327535
Opcode ID: 54787ab6a84dacc76e6d1c32b06b7fe9287a5cfa546c190cbccbdfc355a3bf0d
Instruction ID: b10e7dad354e5ec5300e8e0e6ec321095679a41bc6478c493a78fda86227dfa8
Opcode Fuzzy Hash: 54787ab6a84dacc76e6d1c32b06b7fe9287a5cfa546c190cbccbdfc355a3bf0d
Instruction Fuzzy Hash: E8E1F0B5501B008FD3218F28D992B97B7E1FF46709F04886DE8AACB752E735B854CB58

Function 00487FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00488167

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 7f92074675640ca34a9a441b852c952920812fed8cb061e7328a0d26202d3e54
Instruction ID: 4fb0a9b397c778e98cdfd9ce08dcffce303cbf0ad91d5cdf22d6d5aece82ca73
Opcode Fuzzy Hash: 7f92074675640ca34a9a441b852c952920812fed8cb061e7328a0d26202d3e54
Instruction Fuzzy Hash: 6CD115329082654FC725DE18D89071FB7E1EB81718F558A3DE8A5AB380DB79DC06C7C6

Function 00486CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

"pH, xrefs: 00487015

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: "pH
API String ID: 0-2477849544
Opcode ID: d67ef246d8fcf6590bd15cbbfc5aa09865fed7999dd8fba110935f6f4c59f1f0
Instruction ID: ef983d1264fe26bbfefca7a5e3d41608b51f1eb6f8ef05ddaeb37943fbdd1a36
Opcode Fuzzy Hash: d67ef246d8fcf6590bd15cbbfc5aa09865fed7999dd8fba110935f6f4c59f1f0
Instruction Fuzzy Hash: 02D10036618751CFC711CF78E8C052AB7E2AB9A315F098A7EE991D73A1D334DA40CB85

Function 0046CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0046CDC3, 0046CDCB

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 1442ef6880e58cb13ebc2ed6e6f229d40a30a67b0b36bb09d1708cca26169542
Instruction ID: 2d40e2db980863a49e3b4f7d826061398008f71041620b6d056271e655037855
Opcode Fuzzy Hash: 1442ef6880e58cb13ebc2ed6e6f229d40a30a67b0b36bb09d1708cca26169542
Instruction Fuzzy Hash: F9B1EE70A093418BD714DF54D880A3BBBE2EB96344F14482EE5C58B391E339E855CBAB

Function 0044A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 0044A9C3

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: ff6d558af1697c49ef9bc51c7c88d6331aee4a4cb44bc7cf1d504540d80aaa56
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 94B128711083819FD324CF18C88461BBBE1AFA9704F488E2DF5D997382D675EA18CB57

Function 0047FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0047FCA4, 0047FCAD

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ddf2bf7f7353859a7c9a079c426f739a5e2cca41ab891f0b7560ef671484865a
Instruction ID: 1fb3f511100d81fd36a404015d9ccc3d584bd1c7addf698a60fb3e955bf57364
Opcode Fuzzy Hash: ddf2bf7f7353859a7c9a079c426f739a5e2cca41ab891f0b7560ef671484865a
Instruction Fuzzy Hash: 7481DE71108300EBD311EFA9D984A2FB7E5FB99705F14883EF18997251D738D918CB6A

Function 0045D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0045D663, 0045D66B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b63f954e28065328095bbbe3d866f21ad13b2d019dff2c0d082d2fb2e67789e0
Instruction ID: bc555c9ea88c8c47195662420fcb19c29bde678accfa5dd2d9885f48040bae8b
Opcode Fuzzy Hash: b63f954e28065328095bbbe3d866f21ad13b2d019dff2c0d082d2fb2e67789e0
Instruction Fuzzy Hash: 3E61D272905204DBD720AF58DC82A2B73B0FF94359F08083EF98597362E739D915C79A

Function 00484A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00484C33, 00484C3B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5dfef64b4bfba03e5e2c5cc941aab730234aeb9c70eecef76077d2b86d6fdf53
Instruction ID: 3956dab80175c140af4dd21ed1caa797ff0521e8dbf6f7696d4f0ba4bbbea0b7
Opcode Fuzzy Hash: 5dfef64b4bfba03e5e2c5cc941aab730234aeb9c70eecef76077d2b86d6fdf53
Instruction Fuzzy Hash: D361ED716083029BD711EF55C880B2EB7EAEBC4314F298D2EE5848B391D739EC41CB5A

Function 004D27F0 Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

Yaj, xrefs: 004D280D

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: Yaj
API String ID: 0-2181240465
Opcode ID: 7c665cfed6a08a34df4d60504de8f8a5c13a37adef6a650f9c58d9ac44730bbb
Instruction ID: b5d9bba03815d7e46609735aa252284e43e8a6ad5001ebc110a656b44a98066d
Opcode Fuzzy Hash: 7c665cfed6a08a34df4d60504de8f8a5c13a37adef6a650f9c58d9ac44730bbb
Instruction Fuzzy Hash: 3B5125F3B192151FF308597AEC95B77BACAD7C4330F2A423EEA44C7784D96998024185

Function 0044E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0044E333

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 3de3d79b886b8c40d67bc569b90b2ee82938c24cd7998cb1762b8b8425b202b0
Instruction ID: 168f576b0ce7ec7b445b4249ac26541cdd2698e167f3d8262e14c5be45068408
Opcode Fuzzy Hash: 3de3d79b886b8c40d67bc569b90b2ee82938c24cd7998cb1762b8b8425b202b0
Instruction Fuzzy Hash: E4516833A49A904BE325993E5C5126A7AC73B92334B3DC7BFE9F18B3E0D5598C024355

Function 00483920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004839E3, 004839EB

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 30f0388c8cc9d4775523d4027471325d223991a053d502223e6cf43104f95042
Instruction ID: 42d4b6a6b187a0bcf33ce5aa6d43fa44d4909f9088c888ab9beb3368efb01c31
Opcode Fuzzy Hash: 30f0388c8cc9d4775523d4027471325d223991a053d502223e6cf43104f95042
Instruction Fuzzy Hash: 2751B0746092009BCB28EF55D880A2FB7E5EF85B46F148C2EE4C687351C379DE10CB6A

Function 005BF964 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

T^+, xrefs: 005BFA13

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: T^+
API String ID: 0-2353660249
Opcode ID: 31d16060ffe17f27a1efe6b2b02631044ccf2c781779f9bfdcd2852adf8e56f7
Instruction ID: 64089ef499c3ccaf9183ca4743d9c04926f12189db9f6cee522c05169d57d054
Opcode Fuzzy Hash: 31d16060ffe17f27a1efe6b2b02631044ccf2c781779f9bfdcd2852adf8e56f7
Instruction Fuzzy Hash: F74171F7E081249BE700592EEC447ABBAD9DBD1370F1F4239EAC8D7784E935490682D1

Function 00451BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00451C3E

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: af6a121b29de3c50b8254717d21385241a0c81f9ba73cd86bf165ad2f0645224
Instruction ID: cd92ac9ef28e2b56029b301350372f5c7cf56637c12b9fb65785c1109ecf810f
Opcode Fuzzy Hash: af6a121b29de3c50b8254717d21385241a0c81f9ba73cd86bf165ad2f0645224
Instruction Fuzzy Hash: 004166B40083809BC7159F64D894A2FBBF0FF86315F04891EF9C59B2A1D73AC919CB5A

Function 0047FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00480033, 0048003B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: d2ffb2c1408d8f8e1b989795f2e1086aab3050b6c2728e86563c709a8f7ac9bc
Instruction ID: e97f63538ca37e70e878e41a5ed400e65ac7580f688eabc06208b002fa4d5f78
Opcode Fuzzy Hash: d2ffb2c1408d8f8e1b989795f2e1086aab3050b6c2728e86563c709a8f7ac9bc
Instruction Fuzzy Hash: FE311871918301ABD611FA55EC81B2FB7E8EB86748F144C2AF88597252E339DC18C76B

Function 0046E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 0046E6A2

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: f7e4b970b8b0ee1f6aa3b99d291fbfb009e028ceb20df9536dc03d3791616470
Instruction ID: 7d85d0f3f66ba76c8d1f17aa0122a30cbb8ddffa4d33c1b9d0ecda0a9a1f7717
Opcode Fuzzy Hash: f7e4b970b8b0ee1f6aa3b99d291fbfb009e028ceb20df9536dc03d3791616470
Instruction Fuzzy Hash: 1131E6B5A01205CFDB20DF96E9805AFB7F5FB16305F54082EE446A7311E339A905CBAA

Function 00456F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0045703B

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b7f152714bec71214e119d46c2a183e1f89a8f6340b196321282ef545c59c6ae
Instruction ID: b9932bb0471e05fe27d958ea1dfdb11219c0fffcb84b1e6a7e7b310265d55755
Opcode Fuzzy Hash: b7f152714bec71214e119d46c2a183e1f89a8f6340b196321282ef545c59c6ae
Instruction Fuzzy Hash: 98415C71604B04DBD7358F61D994B27B7F2FB09706F14886EE986577A2E335F8048B18

Function 0046E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 0046E6A2

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 7ad18e6ac6cda1612207353e89ebebf993b564b9f93613196cd95425ce715019
Instruction ID: 54cfa5b4672ea69bac9fa9d7e2492b4cf6153ef680f70d2282c4221a30753f95
Opcode Fuzzy Hash: 7ad18e6ac6cda1612207353e89ebebf993b564b9f93613196cd95425ce715019
Instruction Fuzzy Hash: 9A21E5B5A01205CFD720DF96D98096FBBF5BB1A705F14082ED446A7351D339AD01CBAA

Function 00489CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00489D30

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 955e2ae0b249e4e46cbade0dbb9c0f011ed7ee0f83c13801db008b941fefabab
Instruction ID: 158e3d82c0caa124ddc37e104e018a3ce90953869cbc1dc203016e0bd0139e89
Opcode Fuzzy Hash: 955e2ae0b249e4e46cbade0dbb9c0f011ed7ee0f83c13801db008b941fefabab
Instruction Fuzzy Hash: 023167709097009BD310EF15D880A2FFBF9EF9A314F28892EE5C597251D339D904CBAA

Function 00454E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13b88cbc92e57ebe33cc6be6d6b324fdcd4d35244b91a9d80f31c6f6d4df9d1
Instruction ID: 5373e3e9c0511a82bfcca90423e2410a7e138c0b3e79a7a43d0bb7eb8e845230
Opcode Fuzzy Hash: c13b88cbc92e57ebe33cc6be6d6b324fdcd4d35244b91a9d80f31c6f6d4df9d1
Instruction Fuzzy Hash: 5F6259B0500B009FD725CF24C990B27B7F5AF46705F54896ED89B8BA52E738F848CB99

Function 0044BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 3c68a0349fcf2b2019a66698c7fbb6e336c4d0953decb48cbf8c90976a178f47
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: C752E931A097118BD7659F18D4802BBB3E1FFD5319F1D8A2ED9C693390D738A851CB8A

Function 00488652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9844c1c799bbc18cbd190b2f2ab4ffa1989fdcdc8a1b3dcba81b16fbad0ed73a
Instruction ID: 3c91b78f97837103c080a12fcb6354642299543201707a2a604d80f2975f9905
Opcode Fuzzy Hash: 9844c1c799bbc18cbd190b2f2ab4ffa1989fdcdc8a1b3dcba81b16fbad0ed73a
Instruction Fuzzy Hash: 5322BB35608240CFC704EF68E890A2EB7E1FB9A319F098D7EE58987361D735D851CB4A

Function 004886F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aab4c0603a5d6c1915f493bb1e2bd6af87269190313d33ebe8a002324323292
Instruction ID: 2dc1168674825245a07c1ad4c033d35438d5f0c8f3e93c9e5b8345cea5b59b60
Opcode Fuzzy Hash: 4aab4c0603a5d6c1915f493bb1e2bd6af87269190313d33ebe8a002324323292
Instruction Fuzzy Hash: A4229B35608340DFD704EF68E890A2EB7E1FB9A319F09897EE58587361C735D851CB4A

Function 0044B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 036630cd9988baaccbef86b0a6c884267ad17c7e677b6c6fd7a1a83eed4a05ca
Instruction ID: a793a42b0af10ea2ed1466ff2920a4d7314fd2dc7d8ec48cdd2e8a54d54799bc
Opcode Fuzzy Hash: 036630cd9988baaccbef86b0a6c884267ad17c7e677b6c6fd7a1a83eed4a05ca
Instruction Fuzzy Hash: E75280B0908B849FF735CB24C4847A7BBE2EB91318F14486EC5D606B82C77DE985C799

Function 004471F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c50f6be7806bcb01eec21d9788ed0435dacc1a4f796c2e6a8446977b5e7fdc9
Instruction ID: 7ddfaacebe39891d2980ec97fa867c0cfc41feb7787d00396907b4bbb81d0686
Opcode Fuzzy Hash: 4c50f6be7806bcb01eec21d9788ed0435dacc1a4f796c2e6a8446977b5e7fdc9
Instruction Fuzzy Hash: 1752C43150C3458FDB15CF24C0806AABBE1FF89318F198A6EE89957351D778E94ACB85

Function 00448FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92cfbe49a413d8bebb18e39a969e47f38580433640d3ac250c031ce3baca9ee1
Instruction ID: 88c26a5eb75b93f1e7c3f273f9253d4826abcfddac48d2c77720f220af3752b4
Opcode Fuzzy Hash: 92cfbe49a413d8bebb18e39a969e47f38580433640d3ac250c031ce3baca9ee1
Instruction Fuzzy Hash: 9A428675608301DFE708CF29D85075ABBE1BF88315F09886DE8898B3A1D739D985DF86

Function 00447BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a1f4a4b9de255fed9762ef5a8a7b8b93f4eabc043b98abf6a0ecbc986b42ae
Instruction ID: cade52c3463a6cdf81a90ff8957802bd6d9eec888b57395561475e75e45ff10a
Opcode Fuzzy Hash: 97a1f4a4b9de255fed9762ef5a8a7b8b93f4eabc043b98abf6a0ecbc986b42ae
Instruction Fuzzy Hash: C8321270514B118FE368CF29C69052ABBF1BF45710B604A2ED6A787F90D77AF846CB18

Function 004889A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b614df9730c05695f424bb113a5ca888726186c598afa91b4293e4f2ecfc30d7
Instruction ID: 6bb9a67cc2e95d55b860820a029b0c8bcf84ccf883ce559e789ab5fa447f45f1
Opcode Fuzzy Hash: b614df9730c05695f424bb113a5ca888726186c598afa91b4293e4f2ecfc30d7
Instruction Fuzzy Hash: 8A029C35608241DFC704EF68E880A2EBBE1FB9A315F098D7EE58587361C339D951CB5A

Function 00488A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea488e77b87eb01efa1ec4f6fb9f7f11b1f4b065b058c2ba63a8413f352f5e15
Instruction ID: de793e6c72c5ccb3d53030a7f75d646568b8b3cf275b2182b56745380c79cf59
Opcode Fuzzy Hash: ea488e77b87eb01efa1ec4f6fb9f7f11b1f4b065b058c2ba63a8413f352f5e15
Instruction Fuzzy Hash: ACF18934608340DFC704EF68D880A2EBBE1AB9A305F098D7EE5C587351D33AD911CB9A

Function 00488C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19517794a7bc459d189c7c15e91c98a519654ecaf798fd63bea6fa234e1df99d
Instruction ID: aaefb48bfa1b34346313612519eb372b889371694537f0374bd93bf5c29173fe
Opcode Fuzzy Hash: 19517794a7bc459d189c7c15e91c98a519654ecaf798fd63bea6fa234e1df99d
Instruction Fuzzy Hash: 6FE1AE31608241CFC704EF68D880A2EB7E1BB9A315F098D7EE5D587351D73AD911CB96

Function 0044A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 41e83eb7795efc9e5e5e8f2e1beed333253fdf6d12ab6864ede717456584b55c
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 07F1CC766483418FE724CF29C88176BFBE2AFD8304F08882EE4C587751E639E955CB56

Function 00488E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b7c17f58e36ca97daa0bd5f9f73352a517f66b640467c5dcb056e2c2afc3d1
Instruction ID: 4e7108cd23f8292445d79a45c21eec488c607bb71e0f22ee8f14ca34e7e7a0a9
Opcode Fuzzy Hash: 94b7c17f58e36ca97daa0bd5f9f73352a517f66b640467c5dcb056e2c2afc3d1
Instruction Fuzzy Hash: 91D19A3460C240DFD705EF28D880A2EFBE5AB9A305F498D6EE5C587351D73AD811CB9A

Function 00487AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d881db908640ed52da9ddfe75e95e8747aabc33ec4ec167aa4cf3dade899bba9
Instruction ID: 57f78ed23b86d9bc618d61fdb815a2fb2c4b350104a865907818fca7dfac477f
Opcode Fuzzy Hash: d881db908640ed52da9ddfe75e95e8747aabc33ec4ec167aa4cf3dade899bba9
Instruction Fuzzy Hash: D7B12572A083504BE314EF29CC9172FB7E5ABC5318F184D2EE99997382E739DC048796

Function 0044AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: b9052f5b9748cd08cb2c824fcbdd870b36951beec67edd18fd8b2cf4769fc633
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: D9C157B2A087418FD360CF68DC96BABB7E1FB85318F08492DD1D9C6342E778A155CB46

Function 00456536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8df38b9d839ebbb3d00972e6af9ee594347402a48d09f535df14aa56b428acf
Instruction ID: 282d81cdb30d2b5362dc642adf8f38febe98b6252a086eb04e0c94069f7972ce
Opcode Fuzzy Hash: e8df38b9d839ebbb3d00972e6af9ee594347402a48d09f535df14aa56b428acf
Instruction Fuzzy Hash: E1B10474500B409FD321CF24D981B17BBF1AF46709F54885DE8AA8BB52E739F809CB59

Function 00487710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c431fac7b9958536f546c6314370ddf36ba97f26f0df4cfa94d63d5cf2015a1a
Instruction ID: 0c38f627df92fc3dcb1104774d865ce9af45d3c36444f3d6d8e7eed86354789c
Opcode Fuzzy Hash: c431fac7b9958536f546c6314370ddf36ba97f26f0df4cfa94d63d5cf2015a1a
Instruction Fuzzy Hash: 2491C17160C301ABE720EB15C890B6FB7E5EB85354F648C2EF59487351E738E940CB9A

Function 0048A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b70e697646deab03284a178085bf4b3c92c0d0b99d58e45ad6fb8c745818bc6a
Instruction ID: 89cf9ff018fdb8874a33f6bcbf8a09482aec15f566244beb74a77c96e4c0f4da
Opcode Fuzzy Hash: b70e697646deab03284a178085bf4b3c92c0d0b99d58e45ad6fb8c745818bc6a
Instruction Fuzzy Hash: 2B81AE342083018BE724EF68D880A2FB7E5EF55744F158D6EE88587351E779E820CB9A

Function 004764F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e5d4b066df50e9e3f9d9534838ce5388b840f43d743567bae2470e568363b7
Instruction ID: e9a320e131711f93c82e9c4fa570944273d4dc4363f4c156ed21d0f25d7775eb
Opcode Fuzzy Hash: 12e5d4b066df50e9e3f9d9534838ce5388b840f43d743567bae2470e568363b7
Instruction Fuzzy Hash: EA71F633B69E904BC3249D7C9C823D6AA434BD6334B3EC37AA9B88B3E5D52D4C065355

Function 004628E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d54a284530c7cd39830babf7616f102aa6e385bf39758188e82b4073c878ed
Instruction ID: efa9fa37ce5e2c7cce85c46c980f2ea0a9b2782a384999e0f1516226b0b52bf0
Opcode Fuzzy Hash: 16d54a284530c7cd39830babf7616f102aa6e385bf39758188e82b4073c878ed
Instruction Fuzzy Hash: 0B6187B4508350ABD310AF19D991A2BBBF0FFA2755F08491EE4C59B361E379C910CB6B

Function 00467C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d127e6c21d40657ddbea5fe2bce6dba76ff357813441ba867c52a9ad875a96d2
Instruction ID: b832fe96de16c667189168d757882c60950a4e0f9e2788cbc116085c03c01280
Opcode Fuzzy Hash: d127e6c21d40657ddbea5fe2bce6dba76ff357813441ba867c52a9ad875a96d2
Instruction Fuzzy Hash: 1751CFB1618204ABDB209F24CC92B7733B4EF85368F184959F9858B391F379EC05C76A

Function 00471860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: ad46b980f0daa4df1163cb1fbdd9672e034587f1b0d74e69743a5919a7e32769
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 5F61DE716093019BD724CE2CC5807AFBBE2ABC5350F65C92FE48D8B361D278DD86974A

Function 004782D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed21f87184a4295dcdba4b41cbcbcc8d1a9e102d8d7ba2d38b6c3d2cee1edc89
Instruction ID: 17792d5d3cdac61037002fae98ac14d2284514e9233239f38e6aaf7f5706a8c5
Opcode Fuzzy Hash: ed21f87184a4295dcdba4b41cbcbcc8d1a9e102d8d7ba2d38b6c3d2cee1edc89
Instruction Fuzzy Hash: A1612833A9A9914BD314453C5C593EA6A831BD2330F3DC37F99B98B3E5DDAE4802435A

Function 004542FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a461d0450cd295ded9796cacff1ebed63b00b94ad0e3469ff8f88212fd7a94ca
Instruction ID: 22e1aed6c23c3a2de406ad7abe47ba3c207e9859a5224e519680573204dc03dd
Opcode Fuzzy Hash: a461d0450cd295ded9796cacff1ebed63b00b94ad0e3469ff8f88212fd7a94ca
Instruction Fuzzy Hash: 498101B4810B00AFD360EF39D907757BEF4AB06205F404A1EE8EA97695E7306459CBE7

Function 0047E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 320828841f58356cb742b75a58499e5365734986d83a9dfb24aec099d0e680eb
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 8A517EB15083548FE314DF69D49435BBBE1BBC9318F044E2EE4E983351E379DA088B86

Function 005EEEFA Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a12dc48ff9a646d47433765b393bbab21647357115f451cac70730448fa6bce8
Instruction ID: d11d61d812c7446aa6371c547209e4fd19c04516eb65f0cdea79649564270c25
Opcode Fuzzy Hash: a12dc48ff9a646d47433765b393bbab21647357115f451cac70730448fa6bce8
Instruction Fuzzy Hash: E151B0F3A082048FE754BE29DC9537ABBE5EF90320F16493DDAC587780EA3958458786

Function 00487520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa25919f53f30646e712fa87b1ab18d034fd22a49b2a2e0d96127f09a641676b
Instruction ID: 018bd14261aad24229ccd64c82e9ee7551f2cdb3dbe312727a7197c991a8663b
Opcode Fuzzy Hash: fa25919f53f30646e712fa87b1ab18d034fd22a49b2a2e0d96127f09a641676b
Instruction Fuzzy Hash: 2251D53160C200ABC715BA58DCA0B2EB7E6EB85764F388E2DE49567391D635EC108755

Function 005D3772 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: affcdc807b7160f59a277d7fc5005b9b01f0777d0070ee81538822dfcaf8933d
Instruction ID: c8803686928fce3a98a89a5710682694e03235e637de41d32276cf738670ff9b
Opcode Fuzzy Hash: affcdc807b7160f59a277d7fc5005b9b01f0777d0070ee81538822dfcaf8933d
Instruction Fuzzy Hash: EA5116F3D092109BE300AA39DC8476AB7E6EFD4320F1B853DE9C887744E97999458693

Function 00445A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2981d3e69a885b6038c9e27ca4afd5213d1edad91d4b1c8f1b8364fe454ec0d
Instruction ID: 930e8160230c3ab394d70c1c4eaaaae52ebd26e9a90d19ebc5f131097d1123d6
Opcode Fuzzy Hash: e2981d3e69a885b6038c9e27ca4afd5213d1edad91d4b1c8f1b8364fe454ec0d
Instruction Fuzzy Hash: E05103B0A047049FEB14DF14D880927B7A0FF85328F19466EF8959B343DA35EC42CB9A

Function 0046EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee02dcf8a951dd60cb2a6c1b32d9f4b3384e9591cf7df4b3487c4315dd080bfa
Instruction ID: de83e9fee1b1d3e02a81e5216c0d546a9292567b27d738460bd5e868cea3c7c8
Opcode Fuzzy Hash: ee02dcf8a951dd60cb2a6c1b32d9f4b3384e9591cf7df4b3487c4315dd080bfa
Instruction Fuzzy Hash: 0A41C178900316DBDF208F55DC91BAEB7B0FF0A344F044559E945AB3A0EB389951CB9A

Function 00489B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c243a98dd62bc898bfd2bf9265f98e72c04d1613cbb22e78023b29793b416c0
Instruction ID: b6e28a48dc68514b5ed2c503a7193317866a6c6e1d5e0391489baa1167ab007c
Opcode Fuzzy Hash: 8c243a98dd62bc898bfd2bf9265f98e72c04d1613cbb22e78023b29793b416c0
Instruction Fuzzy Hash: 18418F34208700ABD710AB55D990B3FB7E6EB95714F288C2EF58A97351D33AED01CB5A

Function 00452030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae060e975d8a758b12a157ddcbbbbca3a446954c6f6c3c5ecfa027067d30b8e1
Instruction ID: 1f7d9b3eee05ce8db2f44cf846742355dd35cef35f4a8f48d54565c2c77ebc37
Opcode Fuzzy Hash: ae060e975d8a758b12a157ddcbbbbca3a446954c6f6c3c5ecfa027067d30b8e1
Instruction Fuzzy Hash: C4410A32A083654FD35CCE29849023EBBE1AFC5700F09862FE9D6873D1DBB88949D785

Function 00451E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4dcda0063b549613c24e2af728cc0dccf4c0de5573b239aa07517628aef021
Instruction ID: 521314b9436c4eba6e2310db3b6f1858f69db3bd540a18563089d1105234975f
Opcode Fuzzy Hash: cd4dcda0063b549613c24e2af728cc0dccf4c0de5573b239aa07517628aef021
Instruction Fuzzy Hash: 354103755083809BC321AB55C884B1EFBF5FB87345F144D1EFAC497292C37AD8188B6A

Function 005B9112 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332d341f1f2cc7ab9ac96e12c9129b0a650b5c3bbba1e38694e366566d5d9565
Instruction ID: 1490b2a35fc84224e6730571f0237fa50384f91c856e8db4d774492f110e79da
Opcode Fuzzy Hash: 332d341f1f2cc7ab9ac96e12c9129b0a650b5c3bbba1e38694e366566d5d9565
Instruction Fuzzy Hash: E94127F3E086208FE3106A29DC8476AB7D2AFD4720F1B452CDAD857784EA749C1586C6

Function 00488D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8a8879ca3a0a258f42798ef8cf62a4419a73940c2389ecdfc81e1a5f005b5d
Instruction ID: 68037e15432b9788fb0e7a065665f7ec7bd92f12d439de672292012d0fb11699
Opcode Fuzzy Hash: fa8a8879ca3a0a258f42798ef8cf62a4419a73940c2389ecdfc81e1a5f005b5d
Instruction Fuzzy Hash: 8241BF316082548FC304EF68C49052EFBE6AF9A300F498A2ED4D597391CB78DD018B86

Function 0045D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7789f3b770ea3b7c6b35b046c432bdd7976d8565f24b88a82e280d2f797ada0e
Instruction ID: 8fdb77721dec0bba190e1106e98640946f94ba61e6086fadf280da413c2b8e35
Opcode Fuzzy Hash: 7789f3b770ea3b7c6b35b046c432bdd7976d8565f24b88a82e280d2f797ada0e
Instruction Fuzzy Hash: 6B41B1B19093818BE7309F10C841BAFB7B0FFA6355F04096EE88A8B752D7784840CB5B

Function 0047F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: c8a0cf82e124f157e02cc2e72ff16b62746c15d5bae3b824a1bf02b0d83290b7
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 9A2125329082644BC3249B69C48057BF7E4EB9A704F46C62ED8C8A7395E3399C1887E6

Function 004867EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb6488cfec7684bbea627d373c84cd1741363101933f9c94940e1aeb47b46863
Instruction ID: 52ff1c586e08f972c410669e0234c40dbcb3138dbcf79fb5888c5540f2da284d
Opcode Fuzzy Hash: eb6488cfec7684bbea627d373c84cd1741363101933f9c94940e1aeb47b46863
Instruction Fuzzy Hash: 8E3114705183829AD714EF14C49062FBBF0EF96789F545C1EF8C8AB261D338D985CB9A

Function 00465E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 166b9ad9d74053acbb3957a5d701dff6a588d6e3618f7d6e84995a0ff2419cb1
Instruction ID: 66167390eb8ce17ddb5d7857d84f14527d9c04afbd6c7445cea4cb16de64c6a1
Opcode Fuzzy Hash: 166b9ad9d74053acbb3957a5d701dff6a588d6e3618f7d6e84995a0ff2419cb1
Instruction Fuzzy Hash: 87219F715096019BD710AF18C85192BB7F4EF96768F44891DF4D59B391F339C900CBAB

Function 004449A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 48ee2e7fa4eaf2269f9cba4ba028b364844a4db2293ec32f790cc41601372115
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 5C31EA717482009BE7109E28D880B2BB7E1FFC4359F18892EE89A97341D339DC42DB4E

Function 004864B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf65791d1d820d79f668ebd603f3d912680ae3218ee03508ed0c844e33a54b6f
Instruction ID: 07a6b119b1dbd8b00d2279bb3ec37f048ae86e1d927204d41530b77ddc6bca79
Opcode Fuzzy Hash: bf65791d1d820d79f668ebd603f3d912680ae3218ee03508ed0c844e33a54b6f
Instruction Fuzzy Hash: 8421397050C2409BC705EF59D590A2EF7E5EB95B45F298C2EE4C493362C339A851CB6A

Function 00485700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f7e3e6f53ff6fc855aec14c4ae2153243a5ecc1ce5f1c769fbffb1407e40de
Instruction ID: 0bc2535bc0f9b058cd941f42dc9905ad6f7c8ac7a2bbacf031e2acef064881c9
Opcode Fuzzy Hash: 70f7e3e6f53ff6fc855aec14c4ae2153243a5ecc1ce5f1c769fbffb1407e40de
Instruction Fuzzy Hash: 71118C75918240EBC301AF28E844A1FBBE5AF96B11F058C3DE4849B211D339D811CB9B

Function 0047B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 904d45563e2e5bd84b8ef0249c334e1dd00cf4307e246104a8fa272c9b42611d
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: B711EC336051D40EC7158D3C84406A57F935AA3234B59C39AF4BC9B2D2D7268D8A839A

Function 00470B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 973e70ee8cdd576297560a652ef5c5d5b0b6c6fff6ee419bd39bfbc459326e90
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 000175F5A0230187E7209EA594D1B7BB2A86F4071CF18852ED40E97342DB7AFD05C699

Function 0046D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33ec2df4578a3e21066154994f6801af2837e3c7d40cbc8625fa68fb2ceb9903
Instruction ID: fae3c8b449615e445c3a4839284cc5eb8c0e395848b6bbf25eb1a012b1d5751a
Opcode Fuzzy Hash: 33ec2df4578a3e21066154994f6801af2837e3c7d40cbc8625fa68fb2ceb9903
Instruction Fuzzy Hash: BE111FB0808380AFD310AF618494A1FFBE0EBA6718F148C1EF1A49B251C379D809CF0A

Function 00446EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46a5f40786bb407d9d968d41858503c7c964d832e9a2edcbd36935acb82fb14c
Instruction ID: 43f23c9e120f07c327ec30a65c0762eed5ead0a087086be740a24da39a1c0089
Opcode Fuzzy Hash: 46a5f40786bb407d9d968d41858503c7c964d832e9a2edcbd36935acb82fb14c
Instruction Fuzzy Hash: 1AF0243A71820A0FB210CDAAA88083BB3D6D7CA355B15553DEA80C3311CD72E80682D9

Function 0047B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 0045C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 0045B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 44f8f1eaa9a573552f7335c3ce0a67c0cd900abdec264a40180efb454b48ad1e
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: D7F0ECB160461057DF328A559CC0F37BB9CCB97355F190427EC4557243D265584DC3E9

Function 00478220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de13ff26192eba4cf5f23322b8f7bdeb5bfd744cbe4f1b0808fde419e2afd848
Instruction ID: d0e45083b5109bf9c6cdc87ba94efa865a3e88a4a09b3ca83cb419e63741a411
Opcode Fuzzy Hash: de13ff26192eba4cf5f23322b8f7bdeb5bfd744cbe4f1b0808fde419e2afd848
Instruction Fuzzy Hash: D901E4B04107009FC360EF29C485B4BBBE8EB08714F008A1DE8AECB680D774A5448B82

Function 00481440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 3e80fd5c9e4b965bf5312585ee5ee04e6f7b5dbacbb9a0669987c0f554330314
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 39D05E2160832186AB649E19A4009BBF7E4EA87F11F49995FF586E3258D234DC42C2AD

Function 00451ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e8ac3978c2f3a2d690454b09d73425e2abf3d2505a3406dfe7ff9cfe8efd76
Instruction ID: 3b2aa858e559e6f7177fe7dc79369480a4799f966c9f706a7fc11c2ef63843c3
Opcode Fuzzy Hash: 63e8ac3978c2f3a2d690454b09d73425e2abf3d2505a3406dfe7ff9cfe8efd76
Instruction Fuzzy Hash: F8C01238A190008B82048F04E89593AA3B8A36660D700643FDA02E3222DA20C81A8A0E

Function 00486094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea1bd8d7f0ee7b230f4e9d7c605a7aec844876dddb2891a601e3d593bf661ed
Instruction ID: 575188d772dae7c39ff432541517f8a326166dc6ad382dfe9df76474873fa185
Opcode Fuzzy Hash: bea1bd8d7f0ee7b230f4e9d7c605a7aec844876dddb2891a601e3d593bf661ed
Instruction Fuzzy Hash: 11C09B3865C00087D10CCF04D955475F3769BA7715724B03FCA0623257C134E513D51D

Function 00451A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b9a46b9f305b3d1bed370311e1a41a709b828e38c5714af399a4b91a840688
Instruction ID: 68c89d9dd11f2886ee4094da992ee3eb2c1d254310b6ad603ef987a3b6c49686
Opcode Fuzzy Hash: b1b9a46b9f305b3d1bed370311e1a41a709b828e38c5714af399a4b91a840688
Instruction Fuzzy Hash: 75C04C34A590408A82448E89A891536A2A85326609710343F9A02E7262D560D419860D

Function 00485FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2077968073.0000000000441000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.2077956857.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2077998255.00000000004A0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078013942.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078026235.00000000004AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078039411.00000000004AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078134781.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078146756.000000000060A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078162317.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078186364.0000000000637000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078196959.0000000000638000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078208699.0000000000643000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078223256.0000000000649000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078238299.000000000065F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078252425.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078267107.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078277992.0000000000686000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078288525.0000000000687000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078299892.000000000068C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078313336.000000000069C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078323924.000000000069D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078334514.000000000069E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078345328.00000000006A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078357796.00000000006A8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078371049.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078384942.00000000006B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078398363.00000000006BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078411658.00000000006C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078424085.00000000006CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078437551.00000000006D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.00000000006D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078449706.0000000000708000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078488840.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078500257.0000000000736000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.0000000000737000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078510146.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2078534623.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed6e6ec42065972f3aecf2c33417db69abca4983d26ed0bf5e5d7af5d85f36dc
Instruction ID: a67d9b3b4c6ecb63806ddc659f740933992dfd1e462a5e1a4012606163e70471
Opcode Fuzzy Hash: ed6e6ec42065972f3aecf2c33417db69abca4983d26ed0bf5e5d7af5d85f36dc
Instruction Fuzzy Hash: AAC09228B680008BA24CCF18DD55936F2BA9BABA1AB14B03EC906A3257D134E512860C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 0044FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 0044D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00485BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 0048695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 0045049B Relevance: .3, Instructions: 264
COMMON

Function 00450228 Relevance: .2, Instructions: 218
COMMON

Function 004899D0 Relevance: .1, Instructions: 143
COMMON

Function 00483220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00483202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON