Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541455
MD5:	0c25e84952637590d40764410c7c2a27
SHA1:	87b09fedd7e71b9fc899988dd6a7ea1cb5402063
SHA256:	1b0d4831c3c0f5c732dd05edf537aff4d04b0edc89e329cb7016bcb3d631aa0f
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6836 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0C25E84952637590D40764410C7C2A27)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.site", "spirittunek.store", "dissapoiznw.store", "clearancek.site", "studennotediw.store", "eaglepawnoy.store", "mobbipenju.store", "bathdoomgaz.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.564066+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.4	56699	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.191784+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.4	50514	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.533885+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.4	59559	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.516261+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.4	49713	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.614319+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.4	59582	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.230155+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.4	54524	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.599940+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.4	58860	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:01.551524+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.4	50501	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T21:11:03.396448+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6836.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "spirittunek.store", "dissapoiznw.store", "clearancek.site", "studennotediw.store", "eaglepawnoy.store", "mobbipenju.store", "bathdoomgaz.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_009250FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008ED110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008ED110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_009263B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_009299D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_0092695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_008EFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_008F0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00926094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_008E1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_0091F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_008F6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00924040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0090D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008F42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00902260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00902260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_008EA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_009264B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0090E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_008FB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00921440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_008FD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0090C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00909510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00927520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008F6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_0091B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0090E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0090D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_009267EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00927710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00925700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_009028E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_008E49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00923920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_008FD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008F1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_008F1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00924A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_008E5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00910B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_008F1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_008F3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_008FDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_008FDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00929B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_0090AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_0090AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_0090CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0090CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_0090CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00929CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00929CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00907C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_0091FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_0090EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00928D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_0090FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0090DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_008F1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_008E6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_008F6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_008EBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_008F4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_0090AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00905E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00907E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_008F6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00925FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_008FFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00927FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00927FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_008E8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0091FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00909F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:59582 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:56699 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:54524 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:50501 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:50514 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:49713 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:59559 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:58860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=c681e15bb6bb7d83c802cee4; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 24 Oct 2024 19:11:03 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlTT< equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732318893.0000000001304000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dissapoiznw.store:443/api
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/apii
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store:443/api
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732318893.00000000012F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/765611997243319002
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/q
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F0228	0_2_008F0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A0D0	0_2_0092A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A420C6	0_2_00A420C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E1000	0_2_008E1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2030	0_2_008F2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00924040	0_2_00924040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EE1A0	0_2_008EE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A471D0	0_2_00A471D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E71F0	0_2_008E71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E5160	0_2_008E5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009182D0	0_2_009182D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009112D0	0_2_009112D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E12F7	0_2_008E12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E13A3	0_2_008E13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EB3A0	0_2_008EB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095A3CE	0_2_0095A3CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009123E0	0_2_009123E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA300	0_2_008EA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4487	0_2_008F4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F049B	0_2_008F049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6488	0_2_00AB6488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009164F0	0_2_009164F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C470	0_2_0090C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E35B0	0_2_008E35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC05F9	0_2_00AC05F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC5F0	0_2_008FC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D56C9	0_2_009D56C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009286F0	0_2_009286F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091F620	0_2_0091F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928652	0_2_00928652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E164F	0_2_008E164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091E8A0	0_2_0091E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091B8C0	0_2_0091B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A79812	0_2_00A79812
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5780F	0_2_00B5780F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00911860	0_2_00911860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090098B	0_2_0090098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009289A0	0_2_009289A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F9CC	0_2_00A9F9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB99DC	0_2_00AB99DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928A80	0_2_00928A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00927AB0	0_2_00927AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABEAE6	0_2_00ABEAE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00924A40	0_2_00924A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E7BF0	0_2_008E7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FDB6F	0_2_008FDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A72CA7	0_2_00A72CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00926CBF	0_2_00926CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090CCD0	0_2_0090CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928C02	0_2_00928C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BBC7D	0_2_009BBC7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090FD10	0_2_0090FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090DD29	0_2_0090DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908D62	0_2_00908D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F6EBF	0_2_008F6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EBEB0	0_2_008EBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72EDB	0_2_00B72EDB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4E2A	0_2_008F4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090AE57	0_2_0090AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928E70	0_2_00928E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00927FC0	0_2_00927FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E8FD0	0_2_008E8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EAF10	0_2_008EAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008FD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008ECAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995229991749175

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00918220 CoCreateInstance,

0_2_00918220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: hRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNehN>

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 3007488 > 1048576

Source: file.exe

Static PE information: Raw size of osztymti is bigger than: 0x100000 < 0x2b4c00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.8e0000.0.unpack :EW;.rsrc :W;.idata :W;osztymti:EW;faeuwvtx:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;osztymti:EW;faeuwvtx:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2eda85 should be: 0x2e28a7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: osztymti
Source: file.exe	Static PE information: section name: faeuwvtx
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9D0A2 push 417F8D00h; mov dword ptr [esp], ebp	0_2_00B9D171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4097 push esi; mov dword ptr [esp], eax	0_2_00BE40B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6B09C push ecx; mov dword ptr [esp], eax	0_2_00B6B0D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B91093 push esi; mov dword ptr [esp], ebp	0_2_00B910BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4709A push eax; mov dword ptr [esp], ecx	0_2_00B470E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5208D push 6789BF58h; mov dword ptr [esp], esi	0_2_00B520B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5208D push esi; mov dword ptr [esp], ecx	0_2_00B520D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE30F7 push ecx; mov dword ptr [esp], edi	0_2_00AE3171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A420C6 push eax; mov dword ptr [esp], ebx	0_2_00A420FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A420C6 push edx; mov dword ptr [esp], ebp	0_2_00A42148
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A420C6 push 3EF14CC9h; mov dword ptr [esp], esi	0_2_00A421DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A420C6 push 6A8D7A82h; mov dword ptr [esp], ecx	0_2_00A42206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC0DD push edi; mov dword ptr [esp], ebx	0_2_00AEC0FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF00D3 push 4433B0C6h; mov dword ptr [esp], ecx	0_2_00AF0026
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED190 push 2F590E09h; mov dword ptr [esp], eax	0_2_00AED198
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009721C7 push edx; mov dword ptr [esp], eax	0_2_009721E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C1D4 push 7F8DA7F4h; mov dword ptr [esp], ebx	0_2_00B8C1FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C1D4 push edx; mov dword ptr [esp], esi	0_2_00B8C27C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A471D0 push eax; mov dword ptr [esp], edx	0_2_00A47219
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A471D0 push edi; mov dword ptr [esp], ebx	0_2_00A47242
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A471D0 push 056CF41Eh; mov dword ptr [esp], eax	0_2_00A47368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA31C4 push 3300D6DFh; mov dword ptr [esp], eax	0_2_00BA31E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA811F push 3CE9F273h; mov dword ptr [esp], ecx	0_2_00BA8640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B53289 push ebx; mov dword ptr [esp], edi	0_2_00B532A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE4291 push 425D87F8h; mov dword ptr [esp], ecx	0_2_00AE429F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA32C5 push edx; mov dword ptr [esp], ecx	0_2_00BA32E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA32C5 push 71886D00h; mov dword ptr [esp], ecx	0_2_00BA3310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA32C5 push 41712C99h; mov dword ptr [esp], ebp	0_2_00BA3397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092F242 push edx; ret	0_2_0092F24B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B473BA push 6C2D2634h; mov dword ptr [esp], esp	0_2_00B473FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4399 push 060A60FFh; mov dword ptr [esp], esp	0_2_00BE43A8

Source: file.exe

Static PE information: section name: entropy: 7.97212018947747

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94460E second address: 944614 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 944614 second address: 943F03 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007FB3F8DB5B3Dh 0x0000000e push dword ptr [ebp+122D0ECDh] 0x00000014 sub dword ptr [ebp+122D1E7Ah], eax 0x0000001a call dword ptr [ebp+122D1C57h] 0x00000020 pushad 0x00000021 jmp 00007FB3F8DB5B3Fh 0x00000026 xor eax, eax 0x00000028 mov dword ptr [ebp+122D1CD4h], ebx 0x0000002e mov edx, dword ptr [esp+28h] 0x00000032 xor dword ptr [ebp+122D1CD4h], edi 0x00000038 cld 0x00000039 mov dword ptr [ebp+122D30F3h], eax 0x0000003f pushad 0x00000040 sub dword ptr [ebp+122D1CD4h], ebx 0x00000046 mov edi, edx 0x00000048 popad 0x00000049 mov esi, 0000003Ch 0x0000004e jmp 00007FB3F8DB5B3Eh 0x00000053 cld 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jmp 00007FB3F8DB5B49h 0x0000005d lodsw 0x0000005f xor dword ptr [ebp+122D1CD4h], ecx 0x00000065 add eax, dword ptr [esp+24h] 0x00000069 clc 0x0000006a mov ebx, dword ptr [esp+24h] 0x0000006e pushad 0x0000006f mov dword ptr [ebp+122D1CD4h], edx 0x00000075 push ecx 0x00000076 sub eax, dword ptr [ebp+122D30C3h] 0x0000007c pop esi 0x0000007d popad 0x0000007e push eax 0x0000007f push edx 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 943F03 second address: 943F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACA21B second address: ACA221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACA221 second address: ACA225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACA225 second address: ACA247 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007FB3F8DB5B47h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC3580 second address: AC3586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC3586 second address: AC35AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB3F8DB5B47h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007FB3F8DB5B36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC92B7 second address: AC92C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC92C2 second address: AC92DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B49h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9583 second address: AC9588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9588 second address: AC958E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC958E second address: AC959D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007FB3F871FEF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC959D second address: AC95CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B40h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FB3F8DB5B36h 0x00000016 jmp 00007FB3F8DB5B3Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC95CC second address: AC95D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC95D0 second address: AC95D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9894 second address: AC989E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB3F871FEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC989E second address: AC98A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC98A4 second address: AC98AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC98AD second address: AC98B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD438 second address: 943F03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FB3F871FEF6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor dword ptr [esp], 444F3EC1h 0x00000015 mov si, di 0x00000018 push dword ptr [ebp+122D0ECDh] 0x0000001e mov ecx, dword ptr [ebp+122D3335h] 0x00000024 call dword ptr [ebp+122D1C57h] 0x0000002a pushad 0x0000002b jmp 00007FB3F871FEFFh 0x00000030 xor eax, eax 0x00000032 mov dword ptr [ebp+122D1CD4h], ebx 0x00000038 mov edx, dword ptr [esp+28h] 0x0000003c xor dword ptr [ebp+122D1CD4h], edi 0x00000042 cld 0x00000043 mov dword ptr [ebp+122D30F3h], eax 0x00000049 pushad 0x0000004a sub dword ptr [ebp+122D1CD4h], ebx 0x00000050 mov edi, edx 0x00000052 popad 0x00000053 mov esi, 0000003Ch 0x00000058 jmp 00007FB3F871FEFEh 0x0000005d cld 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 jmp 00007FB3F871FF09h 0x00000067 lodsw 0x00000069 xor dword ptr [ebp+122D1CD4h], ecx 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 clc 0x00000074 mov ebx, dword ptr [esp+24h] 0x00000078 pushad 0x00000079 mov dword ptr [ebp+122D1CD4h], edx 0x0000007f push ecx 0x00000080 sub eax, dword ptr [ebp+122D30C3h] 0x00000086 pop esi 0x00000087 popad 0x00000088 push eax 0x00000089 push edx 0x0000008a push eax 0x0000008b push edx 0x0000008c push eax 0x0000008d push edx 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD476 second address: ACD4C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jl 00007FB3F8DB5B3Ch 0x00000010 mov dword ptr [ebp+1245AFB3h], edi 0x00000016 push 00000000h 0x00000018 jmp 00007FB3F8DB5B42h 0x0000001d call 00007FB3F8DB5B39h 0x00000022 push edi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FB3F8DB5B47h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD4C3 second address: ACD4D0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD4D0 second address: ACD4FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnc 00007FB3F8DB5B40h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB3F8DB5B3Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD4FD second address: ACD55A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007FB3F871FEF6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007FB3F871FF09h 0x00000015 pop eax 0x00000016 mov edi, 361B718Bh 0x0000001b push 00000003h 0x0000001d mov esi, dword ptr [ebp+122D3113h] 0x00000023 push 00000000h 0x00000025 mov edx, edi 0x00000027 push 00000003h 0x00000029 call 00007FB3F871FEF9h 0x0000002e js 00007FB3F871FEFAh 0x00000034 push eax 0x00000035 push ecx 0x00000036 pop ecx 0x00000037 pop eax 0x00000038 push eax 0x00000039 pushad 0x0000003a jg 00007FB3F871FEF8h 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD55A second address: ACD5EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB3F8DB5B36h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push ecx 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jmp 00007FB3F8DB5B3Fh 0x00000019 popad 0x0000001a pop ecx 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007FB3F8DB5B3Dh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 pushad 0x00000027 jmp 00007FB3F8DB5B43h 0x0000002c jmp 00007FB3F8DB5B40h 0x00000031 popad 0x00000032 pop eax 0x00000033 mov ecx, eax 0x00000035 lea ebx, dword ptr [ebp+1245D344h] 0x0000003b mov dword ptr [ebp+122D3CF3h], edx 0x00000041 xchg eax, ebx 0x00000042 jnl 00007FB3F8DB5B48h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FB3F8DB5B3Ch 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD5EE second address: ACD5F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD5F4 second address: ACD5F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD71D second address: ACD722 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD722 second address: ACD75A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B41h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB3F8DB5B44h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD75A second address: ACD75F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD873 second address: ACD879 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD879 second address: ACD909 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FB3F871FEF8h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D1F25h], edi 0x00000029 sub di, 3B15h 0x0000002e adc dx, 4748h 0x00000033 push 00000000h 0x00000035 movzx esi, si 0x00000038 push 1C2D90C4h 0x0000003d jmp 00007FB3F871FEFCh 0x00000042 xor dword ptr [esp], 1C2D9044h 0x00000049 mov esi, dword ptr [ebp+122D24E0h] 0x0000004f push 00000003h 0x00000051 mov ecx, dword ptr [ebp+122D2F9Bh] 0x00000057 push 00000000h 0x00000059 add esi, dword ptr [ebp+122D1CCAh] 0x0000005f push 00000003h 0x00000061 jmp 00007FB3F871FF06h 0x00000066 call 00007FB3F871FEF9h 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD909 second address: ACD90D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD90D second address: ACD913 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD913 second address: ACD92A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB3F8DB5B42h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD92A second address: ACD96E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007FB3F871FF0Fh 0x0000000e jmp 00007FB3F871FF09h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jc 00007FB3F871FEFEh 0x0000001d jo 00007FB3F871FEF8h 0x00000023 mov eax, dword ptr [eax] 0x00000025 push edi 0x00000026 je 00007FB3F871FEFCh 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD96E second address: ACD9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 jmp 00007FB3F8DB5B46h 0x0000000e pop eax 0x0000000f push eax 0x00000010 movzx ecx, di 0x00000013 pop ecx 0x00000014 lea ebx, dword ptr [ebp+1245D358h] 0x0000001a adc dh, FFFFFF90h 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 ja 00007FB3F8DB5B38h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBB40 second address: AEBB44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBCB5 second address: AEBCB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBCB9 second address: AEBCE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007FB3F871FEF6h 0x0000000d jmp 00007FB3F871FF03h 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBCE2 second address: AEBD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007FB3F8DB5B42h 0x0000000e je 00007FB3F8DB5B38h 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 jmp 00007FB3F8DB5B49h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBF88 second address: AEBFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jl 00007FB3F871FEFAh 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 push edi 0x00000014 jmp 00007FB3F871FEFAh 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f ja 00007FB3F871FF08h 0x00000025 jmp 00007FB3F871FEFDh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBFD1 second address: AEBFEF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB3F8DB5B38h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB3F8DB5B42h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC14A second address: AEC152 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC152 second address: AEC156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC2AB second address: AEC2B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC44F second address: AEC46A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB3F8DB5B3Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC46A second address: AEC478 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FB3F871FEF6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC5C3 second address: AEC5EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B43h 0x00000009 jmp 00007FB3F8DB5B44h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC79A second address: AEC7AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3F871FEFEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC7AC second address: AEC7DD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB3F8DB5B36h 0x00000008 jbe 00007FB3F8DB5B36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FB3F8DB5B43h 0x00000016 jmp 00007FB3F8DB5B3Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC923 second address: AEC927 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECA91 second address: AECAB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B49h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECAB7 second address: AECAD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FB3F871FEF6h 0x00000009 jmp 00007FB3F871FF07h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECF05 second address: AECF1F instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3F8DB5B38h 0x00000008 push edx 0x00000009 jmp 00007FB3F8DB5B3Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AED67E second address: AED6C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB3F871FEFBh 0x0000000c pop ebx 0x0000000d push ebx 0x0000000e je 00007FB3F871FEF6h 0x00000014 pop ebx 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FB3F871FF00h 0x0000001f popad 0x00000020 popad 0x00000021 jnp 00007FB3F871FF15h 0x00000027 jmp 00007FB3F871FEFBh 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AED6C4 second address: AED6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB3F8DB5B36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AED96C second address: AED979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FB3F871FF02h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB44A9 second address: AB44AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB44AD second address: AB44BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB3F871FEFAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB44BD second address: AB4502 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B40h 0x00000007 jmp 00007FB3F8DB5B40h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007FB3F8DB5B68h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB3F8DB5B43h 0x0000001b jl 00007FB3F8DB5B36h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4570 second address: AF4576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4576 second address: AF4580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF4580 second address: AF45AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F871FF03h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007FB3F871FEFAh 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007FB3F871FEF6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF45AE second address: AF45B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7A8D second address: AB7A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7A95 second address: AB7AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FB3F8DB5B38h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7AA2 second address: AB7AAC instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB3F871FF02h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB7AAC second address: AB7AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FCA second address: AF9FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9FCE second address: AF9FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA150 second address: AFA168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 je 00007FB3F871FEF6h 0x0000000e popad 0x0000000f push edx 0x00000010 ja 00007FB3F871FEF6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA168 second address: AFA188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FB3F8DB5B48h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA188 second address: AFA18E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA30C second address: AFA316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA316 second address: AFA31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA874 second address: AFA882 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA882 second address: AFA888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD1F0 second address: AFD20C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B47h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD20C second address: AFD212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDFC2 second address: AFDFE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B46h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE0C5 second address: AFE112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007FB3F871FEF6h 0x0000000c jno 00007FB3F871FEF6h 0x00000012 popad 0x00000013 popad 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 pushad 0x00000019 pushad 0x0000001a jmp 00007FB3F871FEFFh 0x0000001f je 00007FB3F871FEF6h 0x00000025 popad 0x00000026 jmp 00007FB3F871FF02h 0x0000002b popad 0x0000002c mov eax, dword ptr [eax] 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushad 0x00000032 popad 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE112 second address: AFE19B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB3F8DB5B3Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007FB3F8DB5B44h 0x00000013 pop eax 0x00000014 jmp 00007FB3F8DB5B44h 0x00000019 call 00007FB3F8DB5B39h 0x0000001e pushad 0x0000001f jg 00007FB3F8DB5B44h 0x00000025 jg 00007FB3F8DB5B40h 0x0000002b popad 0x0000002c push eax 0x0000002d jmp 00007FB3F8DB5B43h 0x00000032 mov eax, dword ptr [esp+04h] 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE19B second address: AFE19F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE19F second address: AFE1C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c js 00007FB3F8DB5B36h 0x00000012 popad 0x00000013 popad 0x00000014 mov eax, dword ptr [eax] 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE1C2 second address: AFE1D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE1D2 second address: AFE1D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE5FF second address: AFE603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE725 second address: AFE729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE729 second address: AFE72D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE72D second address: AFE733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE733 second address: AFE739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFE739 second address: AFE73D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFEDE0 second address: AFEDE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFEDE4 second address: AFEDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FB3F8DB5B36h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFEDF2 second address: AFEE28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebx 0x0000000b mov di, 94A3h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB3F871FF03h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFF29E second address: AFF2A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFF447 second address: AFF460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e movzx edi, dx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFF460 second address: AFF465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B003BA second address: B0043A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FB3F871FF0Eh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f movzx esi, dx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007FB3F871FEF8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push esi 0x00000033 call 00007FB3F871FEF8h 0x00000038 pop esi 0x00000039 mov dword ptr [esp+04h], esi 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc esi 0x00000046 push esi 0x00000047 ret 0x00000048 pop esi 0x00000049 ret 0x0000004a add esi, dword ptr [ebp+122D2EABh] 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push edi 0x00000055 pop edi 0x00000056 pushad 0x00000057 popad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0043A second address: B00441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0025B second address: B00260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0295D second address: B029F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor edi, 39C1434Bh 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FB3F8DB5B38h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 or edi, dword ptr [ebp+122D1EA2h] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007FB3F8DB5B38h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b call 00007FB3F8DB5B45h 0x00000050 adc di, 6E6Ch 0x00000055 pop esi 0x00000056 xchg eax, ebx 0x00000057 jmp 00007FB3F8DB5B40h 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FB3F8DB5B3Fh 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B029F4 second address: B029FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB3F871FEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B00BF4 second address: B00BFA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0335C second address: B0337F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007FB3F871FF08h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0337F second address: B033E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB3F8DB5B3Fh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007FB3F8DB5B3Ah 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007FB3F8DB5B38h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d push edi 0x0000002e call 00007FB3F8DB5B3Ch 0x00000033 push esi 0x00000034 pop edi 0x00000035 pop edi 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 mov esi, dword ptr [ebp+122D1EABh] 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FB3F8DB5B3Bh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B030FE second address: B03102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B03102 second address: B0310C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B03EEE second address: B03EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B03EF4 second address: B03EF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B03EF8 second address: B03F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB3F871FF08h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B03F1B second address: B03F33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3F8DB5B44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B054F4 second address: B054FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B054FA second address: B05500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05500 second address: B05504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05504 second address: B05508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05508 second address: B05550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FB3F871FEF8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 and edi, dword ptr [ebp+122D2E4Bh] 0x0000002b stc 0x0000002c push 00000000h 0x0000002e mov si, 5994h 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+122D359Eh], edx 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jc 00007FB3F871FEF6h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05550 second address: B05563 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007FB3F8DB5B36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05335 second address: B0533B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0533B second address: B0533F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05FAD second address: B05FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05FB3 second address: B05FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05FB7 second address: B05FDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FEFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c movzx esi, dx 0x0000000f push 00000000h 0x00000011 stc 0x00000012 push 00000000h 0x00000014 xor si, BAFCh 0x00000019 mov edi, ebx 0x0000001b xchg eax, ebx 0x0000001c pushad 0x0000001d push ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B05FDD second address: B05FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FB3F8DB5B36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B277 second address: B0B27B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B27B second address: B0B281 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B281 second address: B0B28B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB3F871FEFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B28B second address: B0B2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jmp 00007FB3F8DB5B3Dh 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B2A3 second address: B0B327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB3F871FEFAh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FB3F871FEF8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 or dword ptr [ebp+122D359Eh], eax 0x0000002c push edi 0x0000002d pushad 0x0000002e movzx ecx, ax 0x00000031 mov bx, di 0x00000034 popad 0x00000035 pop edi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edi 0x0000003b call 00007FB3F871FEF8h 0x00000040 pop edi 0x00000041 mov dword ptr [esp+04h], edi 0x00000045 add dword ptr [esp+04h], 0000001Ah 0x0000004d inc edi 0x0000004e push edi 0x0000004f ret 0x00000050 pop edi 0x00000051 ret 0x00000052 mov ebx, dword ptr [ebp+122D3017h] 0x00000058 push 00000000h 0x0000005a mov dword ptr [ebp+122D3358h], eax 0x00000060 xchg eax, esi 0x00000061 jmp 00007FB3F871FEFCh 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 push ebx 0x0000006a push edx 0x0000006b pop edx 0x0000006c pop ebx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B327 second address: B0B32D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B32D second address: B0B331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A607 second address: B0A60B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A60B second address: B0A611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A611 second address: B0A616 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A616 second address: B0A6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 and bx, 0936h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FB3F871FEF8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 cld 0x00000036 mov eax, dword ptr [ebp+122D0935h] 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FB3F871FEF8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000015h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov di, BA00h 0x0000005a mov dword ptr [ebp+122D39C3h], edi 0x00000060 push FFFFFFFFh 0x00000062 push ecx 0x00000063 mov bl, 5Bh 0x00000065 pop edi 0x00000066 nop 0x00000067 jmp 00007FB3F871FF08h 0x0000006c push eax 0x0000006d pushad 0x0000006e jne 00007FB3F871FEFCh 0x00000074 push eax 0x00000075 push edx 0x00000076 pushad 0x00000077 popad 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C2F2 second address: B0C30E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C30E second address: B0C323 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007FB3F871FEF6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B552 second address: B0B557 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C323 second address: B0C327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C327 second address: B0C32D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C32D second address: B0C375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FEFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a stc 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FB3F871FEF8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a sub bx, 4B4Eh 0x0000002f pop edi 0x00000030 xchg eax, esi 0x00000031 jc 00007FB3F871FF04h 0x00000037 push eax 0x00000038 push edx 0x00000039 push edx 0x0000003a pop edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C375 second address: B0C379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0D223 second address: B0D23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b jbe 00007FB3F871FF02h 0x00000011 jc 00007FB3F871FEFCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0E473 second address: B0E477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0E477 second address: B0E481 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB3F871FEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0E481 second address: B0E49D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3F8DB5B48h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0F59B second address: B0F5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1136B second address: B1140F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007FB3F8DB5B36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 jmp 00007FB3F8DB5B49h 0x00000015 jc 00007FB3F8DB5B3Ch 0x0000001b jbe 00007FB3F8DB5B36h 0x00000021 popad 0x00000022 nop 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007FB3F8DB5B38h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 00000015h 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d add edi, 430648DAh 0x00000043 push 00000000h 0x00000045 sbb bh, 00000004h 0x00000048 push 00000000h 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007FB3F8DB5B38h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 0000001Ch 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 mov edi, dword ptr [ebp+122D5B56h] 0x0000006a xchg eax, esi 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007FB3F8DB5B46h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1050C second address: B10518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1140F second address: B11448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB3F8DB5B44h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB3F8DB5B49h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10518 second address: B10522 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB3F871FEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B11448 second address: B1144C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13408 second address: B1340D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B16ADA second address: B16AE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15D06 second address: B15D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13515 second address: B1353A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FB3F8DB5B47h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12671 second address: B12676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1353A second address: B13544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FB3F8DB5B36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12676 second address: B1267C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18BD2 second address: B18BD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18E51 second address: B18E56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF8B second address: B1BF95 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AD76 second address: B1AD7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AD7A second address: B1ADF1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c ja 00007FB3F8DB5B3Ah 0x00000012 nop 0x00000013 mov bx, cx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jo 00007FB3F8DB5B3Bh 0x00000023 add bx, 9124h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+122D359Eh], edx 0x00000035 mov eax, dword ptr [ebp+122D0809h] 0x0000003b push 00000000h 0x0000003d push ebx 0x0000003e call 00007FB3F8DB5B38h 0x00000043 pop ebx 0x00000044 mov dword ptr [esp+04h], ebx 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc ebx 0x00000051 push ebx 0x00000052 ret 0x00000053 pop ebx 0x00000054 ret 0x00000055 push FFFFFFFFh 0x00000057 mov ebx, dword ptr [ebp+122D2FF7h] 0x0000005d push eax 0x0000005e jc 00007FB3F8DB5B40h 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21EF3 second address: B21EF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21805 second address: B21818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FB3F8DB5B3Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21818 second address: B2181C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21977 second address: B2197F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2197F second address: B21987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21987 second address: B219AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B48h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B219AC second address: B219B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B259C6 second address: B259CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B259CA second address: B259F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FB3F871FF06h 0x0000000d push ecx 0x0000000e jbe 00007FB3F871FEF6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B259F1 second address: B25A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB3F8DB5B3Dh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29AB1 second address: B29AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29AB7 second address: B29ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29ABC second address: B29AD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB3F871FEFEh 0x00000008 jp 00007FB3F871FEF6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29AD5 second address: B29ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29ADB second address: B29AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FB3F871FF0Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29AE8 second address: B29B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B40h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29B03 second address: B29B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29B07 second address: B29B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29B0B second address: B29B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB3F871FEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB3F871FF01h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2C2D1 second address: B2C2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2C349 second address: B2C34D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FB88 second address: B2FBA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB3F8DB5B48h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2FBA8 second address: B2FBC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF00h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c ja 00007FB3F871FEFEh 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B301EE second address: B301F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B301F3 second address: B301F8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B305D6 second address: B305DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B305DA second address: B30607 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB3F871FEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FB3F871FF07h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jnp 00007FB3F871FEF6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30607 second address: B3060B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3060B second address: B30617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30617 second address: B3061B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3061B second address: B3061F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36411 second address: B36436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FB3F8DB5B49h 0x0000000b je 00007FB3F8DB5B36h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36436 second address: B3643A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3643A second address: B36440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3560F second address: B35613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35613 second address: B3563B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB3F8DB5B36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB3F8DB5B41h 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE302E second address: AE3077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 jnp 00007FB3F871FEF6h 0x0000000e jmp 00007FB3F871FEFFh 0x00000013 pop ebx 0x00000014 push eax 0x00000015 jbe 00007FB3F871FEF6h 0x0000001b pop eax 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007FB3F871FF10h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B34CAD second address: B34CC2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3F8DB5B36h 0x00000008 jng 00007FB3F8DB5B36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3A8F3 second address: B3A8F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3A8F9 second address: B3A8FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB94D1 second address: AB94E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jc 00007FB3F871FEF6h 0x0000000b jmp 00007FB3F871FEFBh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB94E8 second address: AB9500 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB3F8DB5B3Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9500 second address: AB9504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9504 second address: AB9511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9511 second address: AB9515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414D2 second address: B414D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414D6 second address: B414E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB3F871FEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414E6 second address: B414EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414EE second address: B41508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF04h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B41508 second address: B41512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB3F8DB5B36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0721F second address: B0726D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b jmp 00007FB3F871FF02h 0x00000010 pop ecx 0x00000011 nop 0x00000012 mov dword ptr [ebp+122D25B4h], ecx 0x00000018 lea eax, dword ptr [ebp+12496FA1h] 0x0000001e add ecx, dword ptr [ebp+122D5AFEh] 0x00000024 nop 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FB3F871FEFDh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0726D second address: B07277 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07277 second address: B07287 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07287 second address: B0728B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0728B second address: B0728F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07401 second address: B07405 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0790E second address: B0792A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 pushad 0x00000008 jg 00007FB3F871FEFCh 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FB3F871FEF6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B079DD second address: B079FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB3F8DB5B3Fh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07A68 second address: B07A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07B81 second address: B07B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3F8DB5B40h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07B95 second address: B07B99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07B99 second address: B07BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jo 00007FB3F8DB5B42h 0x0000000f js 00007FB3F8DB5B3Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07BB0 second address: B07BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 push edx 0x00000009 jno 00007FB3F871FEFCh 0x0000000f pop edx 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007FB3F871FEF8h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B081A8 second address: B081AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B081AC second address: B081B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B082D0 second address: B082D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B082D6 second address: B082DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08570 second address: AE302E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jns 00007FB3F8DB5B3Eh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FB3F8DB5B38h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov edi, dword ptr [ebp+122D2F0Bh] 0x0000002e call dword ptr [ebp+122D5B05h] 0x00000034 pushad 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE305F second address: AE3077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F871FF04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B417E1 second address: B417E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B417E5 second address: B417F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FB3F871FEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B417F7 second address: B417FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B417FB second address: B41807 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FB3F871FEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B41807 second address: B4183B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007FB3F8DB5B3Ch 0x00000010 pushad 0x00000011 jg 00007FB3F8DB5B36h 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4206B second address: B42072 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B42072 second address: B42078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B42078 second address: B42081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B47B93 second address: B47BC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB3F8DB5B42h 0x0000000b popad 0x0000000c pop edx 0x0000000d push ecx 0x0000000e jmp 00007FB3F8DB5B3Fh 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B46930 second address: B46946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB3F871FEFFh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B46946 second address: B4694A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B46BCC second address: B46BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB3F871FEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B47441 second address: B4745D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FB3F8DB5B36h 0x0000000d jmp 00007FB3F8DB5B3Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4745D second address: B47475 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FB3F871FEFAh 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B47475 second address: B47484 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB3F8DB5B36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B47484 second address: B4748E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4748E second address: B474B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B3Dh 0x00000009 pushad 0x0000000a popad 0x0000000b jng 00007FB3F8DB5B36h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007FB3F8DB5B36h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4760D second address: B47621 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FEFEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B47621 second address: B47626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1B84 second address: AC1B8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FB3F871FEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1B8E second address: AC1BA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B47h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C7C3 second address: B4C7D3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB3F871FEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C7D3 second address: B4C7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C7D7 second address: B4C7FC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FB3F871FF13h 0x0000000c jmp 00007FB3F871FF07h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C964 second address: B4C96A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C96A second address: B4C96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C96F second address: B4C979 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB3F8DB5B42h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C979 second address: B4C97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51FE9 second address: B51FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51FF3 second address: B51FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51FF9 second address: B52006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52006 second address: B5200A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5200A second address: B52025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52025 second address: B5202B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5202B second address: B5202F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B522AC second address: B522B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B526FC second address: B5271B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB3F8DB5B3Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B531C2 second address: B531E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FB3F871FEF6h 0x0000000e jmp 00007FB3F871FF04h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B531E4 second address: B531F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B41h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B531F9 second address: B53212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB3F871FEFEh 0x0000000c pop ebx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B53212 second address: B53218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B574AD second address: B574E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB3F871FEF6h 0x0000000a pushad 0x0000000b jmp 00007FB3F871FEFFh 0x00000010 jmp 00007FB3F871FF08h 0x00000015 push edx 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B574E3 second address: B574F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FB3F8DB5B38h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B574F6 second address: B5750A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5750A second address: B5750F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56A57 second address: B56A5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56A5F second address: B56A74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007FB3F8DB5B36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007FB3F8DB5B36h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56D11 second address: B56D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57058 second address: B5705C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5705C second address: B5708A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F871FF00h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007FB3F871FEF6h 0x00000017 jmp 00007FB3F871FEFCh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5ADCC second address: B5ADD6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB3F8DB5B36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5ADD6 second address: B5ADDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5ADDC second address: B5AE16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007FB3F8DB5B36h 0x00000009 pop eax 0x0000000a jo 00007FB3F8DB5B47h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FB3F8DB5B3Fh 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FB3F8DB5B45h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63286 second address: B632AF instructions: 0x00000000 rdtsc 0x00000002 js 00007FB3F871FEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB3F871FF09h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B632AF second address: B632B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6140C second address: B61418 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB3F871FEF6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61BE7 second address: B61BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB3F8DB5B36h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61BF5 second address: B61BFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61BFA second address: B61C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61C01 second address: B61C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61C09 second address: B61C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61E6C second address: B61E70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B623F3 second address: B62407 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB3F8DB5B3Ah 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c je 00007FB3F8DB5B42h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67A3E second address: B67A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB3F871FEF6h 0x0000000a pop esi 0x0000000b jl 00007FB3F871FEFEh 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67A53 second address: B67A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 jbe 00007FB3F8DB5B3Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6AAC9 second address: B6AACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6ABFA second address: B6AC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6AC00 second address: B6AC04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6AC04 second address: B6AC14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jc 00007FB3F8DB5B36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6AC14 second address: B6AC27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FEFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6AC27 second address: B6AC3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jc 00007FB3F8DB5B36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6B26B second address: B6B271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6B271 second address: B6B28B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB3F8DB5B36h 0x0000000a jmp 00007FB3F8DB5B40h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71354 second address: B71358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B715E9 second address: B715ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B715ED second address: B715F9 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3F871FEF6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71766 second address: B7176B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7176B second address: B71781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FB3F871FEFEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B718CE second address: B718E3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB3F8DB5B3Ch 0x00000008 jg 00007FB3F8DB5B36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B718E3 second address: B718E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B718E7 second address: B718EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71A36 second address: B71A5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB3F871FEFCh 0x0000000d jnl 00007FB3F871FF02h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71FA2 second address: B71FA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A4B4 second address: B7A4D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 js 00007FB3F871FEF8h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB3F871FF02h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B79EE6 second address: B79EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A093 second address: B7A09B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A09B second address: B7A09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A1BA second address: B7A1DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FB3F871FEFCh 0x0000000e push edi 0x0000000f pop edi 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 jnp 00007FB3F871FF02h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A1DC second address: B7A1E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB3F8DB5B36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80811 second address: B80815 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80815 second address: B8081B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8081B second address: B80821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80821 second address: B80838 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB3F8DB5B49h 0x00000008 jmp 00007FB3F8DB5B3Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80838 second address: B80849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007FB3F871FEF6h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80849 second address: B80888 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB3F8DB5B44h 0x0000000c jmp 00007FB3F8DB5B3Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007FB3F8DB5B36h 0x0000001a jmp 00007FB3F8DB5B3Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80888 second address: B8088E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C8DE second address: B8C8E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C8E8 second address: B8C932 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB3F871FEFDh 0x0000000e jmp 00007FB3F871FF09h 0x00000013 popad 0x00000014 pushad 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 pop edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C932 second address: B8C93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C2C6 second address: B8C2F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB3F871FF06h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jg 00007FB3F871FEF6h 0x00000016 pop ecx 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C2F1 second address: B8C2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C2F6 second address: B8C2FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C2FB second address: B8C307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB3F8DB5B36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8C47E second address: B8C482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9986E second address: B99896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B3Bh 0x00000009 popad 0x0000000a push ebx 0x0000000b jmp 00007FB3F8DB5B3Ch 0x00000010 pop ebx 0x00000011 pop esi 0x00000012 push ebx 0x00000013 push edi 0x00000014 push edx 0x00000015 pop edx 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99896 second address: B9989A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9989A second address: B998A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1D65 second address: BA1D84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 js 00007FB3F871FEF8h 0x0000000d jng 00007FB3F871FEF8h 0x00000013 push edx 0x00000014 pop edx 0x00000015 jl 00007FB3F871FF02h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1EE9 second address: BA1EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1EEE second address: BA1F0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FB3F871FEF6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA232D second address: BA2343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B3Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA2622 second address: BA262F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB3F871FEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA262F second address: BA2634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA2634 second address: BA263A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA312F second address: BA313F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB3F8DB5B36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA313F second address: BA3154 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF01h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA3154 second address: BA315F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6D0D second address: BA6D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6D13 second address: BA6D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F8DB5B42h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA6D29 second address: BA6D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6ADA second address: BB6B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 jmp 00007FB3F8DB5B49h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6B07 second address: BB6B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3F871FF06h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB3F871FF02h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5A3A second address: BC5A5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FB3F8DB5B36h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 jns 00007FB3F8DB5B3Ch 0x00000017 push ecx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE134C second address: BE1351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0193 second address: BE0197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0197 second address: BE01B2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB3F871FEF6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB3F871FEFDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0598 second address: BE05A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3F8DB5B3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE05A8 second address: BE05AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE06F6 second address: BE0737 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007FB3F8DB5B46h 0x0000000e jmp 00007FB3F8DB5B3Ah 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB3F8DB5B45h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0A72 second address: BE0A89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF02h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0A89 second address: BE0A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0A8F second address: BE0A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0BC0 second address: BE0BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0BC4 second address: BE0BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB3F871FEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e jmp 00007FB3F871FF01h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop edx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0BE9 second address: BE0BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0D53 second address: BE0D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0D57 second address: BE0D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB3F8DB5B3Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FB3F8DB5B47h 0x00000011 jmp 00007FB3F8DB5B46h 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3F7B second address: BE3F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3F83 second address: BE3F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB3F8DB5B36h 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007FB3F8DB5B36h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5803 second address: BE5807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5807 second address: BE580B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE580B second address: BE5815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5815 second address: BE5819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5819 second address: BE5830 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF03h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5830 second address: BE583F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FB3F8DB5B36h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8152 second address: BE8156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8156 second address: BE815C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE815C second address: BE8174 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FB3F871FEFBh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8174 second address: BE8178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8178 second address: BE8191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8191 second address: BE8196 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8196 second address: BE819C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE84CE second address: BE84DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE84DC second address: BE84E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE84E0 second address: BE84F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F8DB5B43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE84F7 second address: BE84FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE84FD second address: BE8513 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FB3F8DB5B36h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8513 second address: BE8517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8517 second address: BE851D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE851D second address: BE8522 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA024 second address: BEA035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 je 00007FB3F8DB5B36h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA035 second address: BEA04F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3F871FF01h 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090D51 second address: 5090D57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B01184 second address: B01189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 943EA1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 943F71 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF1805 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B1BFC4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B7BBDB instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7140	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7148	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1732318893.00000000012CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0p3
Source: file.exe, 00000000.00000003.1730808806.0000000001326000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730957295.0000000001335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732500278.0000000001336000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1730808806.0000000001326000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730957295.0000000001335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732500278.0000000001336000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00925BB0 LdrInitializeThunk,

0_2_00925BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, file.exe, 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bathdoomgaz.store:443/api	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732318893.0000000001304000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://eaglepawnoy.store:443/apii	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://dissapoiznw.store:443/api	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://licendfilteo.site:443/api	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/q	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://studennotediw.store:443/api	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mobbipenju.store:443/api	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.0000000001308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730742487.0000000001385000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1730957295.000000000134E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/765611997243319002	file.exe, 00000000.00000002.1732415970.000000000130F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1730808806.000000000130F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1730742487.000000000138B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000002.1732527662.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541455
Start date and time:	2024-10-24 21:10:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
15:11:00	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	http://boulos-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	104.127.205.96
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://na4.docusign.net/Signing/EmailStart.aspx?a=c1ee55e8-d253-4731-bf85-5377494446fc&etti=24&acct=c49653d8-ee55-4f22-afc9-287006261d0b&er=251e9446-3fcb-4714-8d01-feee559625a8	Get hash	malicious	HTMLPhisher	Browse	2.19.126.84
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	https://8jkfw9cqp7ep.z13.web.core.windows.net/?zpbid=78432_55610c1d-9229-11ef-824f-03718b6de7bb#	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	88.221.169.152
	newsample	Get hash	malicious	Mirai, Okiru	Browse	96.26.148.92
	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg	Get hash	malicious	Unknown	Browse	184.28.89.164
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	SecuriteInfo.com.Heur.11787.148.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	StudioDemo.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	5Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.502195865272418
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'007'488 bytes
MD5:	0c25e84952637590d40764410c7c2a27
SHA1:	87b09fedd7e71b9fc899988dd6a7ea1cb5402063
SHA256:	1b0d4831c3c0f5c732dd05edf537aff4d04b0edc89e329cb7016bcb3d631aa0f
SHA512:	3f0fae0aa79448d2a745a6c4182cc080df21779df3aca37a657d9ff55708cbbeeba27351a8624cb48e84bdcde23202df5b631344e73d0a6f012845834e432d7f
SSDEEP:	49152:dhEdKnS6OqExDMqsRvLcyi5RllOwuokMhjQi3i/ean0lt:d7nS6OqExDURvLn4O8jQiy6lt
TLSH:	32D54956B60725CBD88F2675B16BCE4299BD42FA072108C3DC6DA57A7F63CC131B6C28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................`1...........@...........................1...........@.................................W...k..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x716000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB3F92DB1AAh
cmpps xmm5, dqword ptr [00000000h], 00h
jmp 00007FB3F92DD1A5h
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	13b9b1ce6abe6e10ac504164b65d6439	False	0.9995229991749175	data	7.97212018947747	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
osztymti	0x60000	0x2b5000	0x2b4c00	5e992a4d811aff2ef247d1176dc85d5a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
faeuwvtx	0x315000	0x1000	0x600	eb4a17454a2a7813b6af5e0067e91e2d	False	0.5520833333333334	data	4.818961802390272	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x316000	0x3000	0x2200	51d47ce3343ca469d60fb631d96c8a94	False	0.07019761029411764	DOS executable (COM)	0.7426747310517342	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T21:11:01.191784+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.4	50514	1.1.1.1	53	UDP
2024-10-24T21:11:01.230155+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.4	54524	1.1.1.1	53	UDP
2024-10-24T21:11:01.516261+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.4	49713	1.1.1.1	53	UDP
2024-10-24T21:11:01.533885+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.4	59559	1.1.1.1	53	UDP
2024-10-24T21:11:01.551524+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.4	50501	1.1.1.1	53	UDP
2024-10-24T21:11:01.564066+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.4	56699	1.1.1.1	53	UDP
2024-10-24T21:11:01.599940+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.4	58860	1.1.1.1	53	UDP
2024-10-24T21:11:01.614319+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.4	59582	1.1.1.1	53	UDP
2024-10-24T21:11:03.396448+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 21:11:01.711477995 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:01.711568117 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:01.711682081 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:01.719841957 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:01.719870090 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:02.581455946 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:02.581767082 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:02.636816025 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:02.636881113 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:02.637942076 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:02.680658102 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:02.829895020 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:02.871370077 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396471024 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396503925 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396590948 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396640062 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396680117 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396744013 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.396744013 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.396764040 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.396797895 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.396811008 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.436203003 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.436299086 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.436345100 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.436532021 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.438813925 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.438813925 CEST	49730	443	192.168.2.4	104.102.49.254
Oct 24, 2024 21:11:03.438833952 CEST	443	49730	104.102.49.254	192.168.2.4
Oct 24, 2024 21:11:03.438848019 CEST	443	49730	104.102.49.254	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 21:11:01.191783905 CEST	50514	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.202661991 CEST	53	50514	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.230154991 CEST	54524	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.512339115 CEST	53	54524	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.516261101 CEST	49713	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.530368090 CEST	53	49713	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.533885002 CEST	59559	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.549637079 CEST	53	59559	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.551523924 CEST	50501	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.562283039 CEST	53	50501	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.564065933 CEST	56699	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.587658882 CEST	53	56699	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.599940062 CEST	58860	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.611123085 CEST	53	58860	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.614319086 CEST	59582	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.624402046 CEST	53	59582	1.1.1.1	192.168.2.4
Oct 24, 2024 21:11:01.643594980 CEST	64669	53	192.168.2.4	1.1.1.1
Oct 24, 2024 21:11:01.651963949 CEST	53	64669	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 21:11:01.191783905 CEST	192.168.2.4	1.1.1.1	0x18d2	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.230154991 CEST	192.168.2.4	1.1.1.1	0x8ded	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.516261101 CEST	192.168.2.4	1.1.1.1	0xfbbf	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.533885002 CEST	192.168.2.4	1.1.1.1	0xd375	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.551523924 CEST	192.168.2.4	1.1.1.1	0x1761	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.564065933 CEST	192.168.2.4	1.1.1.1	0x4b58	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.599940062 CEST	192.168.2.4	1.1.1.1	0x6551	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.614319086 CEST	192.168.2.4	1.1.1.1	0x6aa7	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.643594980 CEST	192.168.2.4	1.1.1.1	0x4c3	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 21:11:01.202661991 CEST	1.1.1.1	192.168.2.4	0x18d2	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.512339115 CEST	1.1.1.1	192.168.2.4	0x8ded	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.530368090 CEST	1.1.1.1	192.168.2.4	0xfbbf	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.549637079 CEST	1.1.1.1	192.168.2.4	0xd375	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.562283039 CEST	1.1.1.1	192.168.2.4	0x1761	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.587658882 CEST	1.1.1.1	192.168.2.4	0x4b58	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.611123085 CEST	1.1.1.1	192.168.2.4	0x6551	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.624402046 CEST	1.1.1.1	192.168.2.4	0x6aa7	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:11:01.651963949 CEST	1.1.1.1	192.168.2.4	0x4c3	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.102.49.254	443	6836	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:11:02 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-24 19:11:03 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 24 Oct 2024 19:11:03 GMT Content-Length: 26105 Connection: close Set-Cookie: sessionid=c681e15bb6bb7d83c802cee4; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=None
2024-10-24 19:11:03 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-24 19:11:03 UTC	11638	IN	Data Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J

Target ID:	0
Start time:	15:10:59
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8e0000
File size:	3'007'488 bytes
MD5 hash:	0C25E84952637590D40764410C7C2A27
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	56.2%
Total number of Nodes:	48
Total number of Limit Nodes:	6

Executed Functions

Function 009250FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00925182

Strings

<I$), xrefs: 00925198
<I$), xrefs: 009252E3
@^, xrefs: 00925120

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: f74aca2a2e38a43e406c9832e84339199688c1e798697e646e26018e3aee248d
Instruction ID: 70b53ba168610c9d9321f82fd26381ea6a5b38e1b2e784a05805a788a1facb6b
Opcode Fuzzy Hash: f74aca2a2e38a43e406c9832e84339199688c1e798697e646e26018e3aee248d
Instruction Fuzzy Hash: 63219D3511C3848FC300DF68E88172AB7E4AB6A300FAA882CE1C5D7362D736D915CF56

Function 008EFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 008EFEDC
J|BJ, xrefs: 008F000D
VY^_, xrefs: 008EFDFF
t, xrefs: 008EFCBE

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: f86e2ec700a02e7bc4fe88d765ab4a29deef63e033b95740f1f2b285ac6a4b3e
Instruction ID: 8bfea157d7abfbc0cba763711e3844192034033f79974e22a68f4cc2611f1fd8
Opcode Fuzzy Hash: f86e2ec700a02e7bc4fe88d765ab4a29deef63e033b95740f1f2b285ac6a4b3e
Instruction Fuzzy Hash: D0D155745083889FD311DF29949062FBBE1FB92B48F14882CF6C98B252D736D949DF92

Function 008ED110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 008ED2F1

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c4b6f0c8a8aa5ebf83deaca21be13bd2bbdbfc1cef92fb4a9658f20aa6182d28
Instruction ID: 2b4dd802073fff27f1782fb7785ae3dc110d97cfdb236ede34e7212ed61bafe8
Opcode Fuzzy Hash: c4b6f0c8a8aa5ebf83deaca21be13bd2bbdbfc1cef92fb4a9658f20aa6182d28
Instruction Fuzzy Hash: 0D41337440D380ABC301AB69D584A2EFBF5EF93744F048C0CE9C4DB252C23AE8189B67

Function 00925BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0092973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00925BDE

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 0092695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 009269C5

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0dcc533be3a777e7ae22b39e56abfd5df3b8b403631e17a638630957fe9191e1
Instruction ID: 9f57b612178ff0993044488a3a5ba3be20082d0f0d54abbc667cf8321a7df6fb
Opcode Fuzzy Hash: 0dcc533be3a777e7ae22b39e56abfd5df3b8b403631e17a638630957fe9191e1
Instruction Fuzzy Hash: 5231A8B05183118FD718DF18E8A172AB7F6FF84344F48881CE5C6A72A5E7389904CB96

Function 008F049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce9aab2c91630950dd2928e70d339237620f85450024e6a4b40d17fe83b1a3e
Instruction ID: 23db9f8a9926bf720b8ed0e9af2644cda4bc7d9ae4bb286a493ea1b380f073e1
Opcode Fuzzy Hash: 2ce9aab2c91630950dd2928e70d339237620f85450024e6a4b40d17fe83b1a3e
Instruction Fuzzy Hash: F2916975214B00CFD7248F25E894A26B7F6FF89314B118A7CE9568BAA2D730F816DF50

Function 008F0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 387723a9a3c485fdb3b405c2a20d84fc7d79bb98bcb1a4c4232494316769f497
Instruction ID: efc969a601d8b3b5bc00bca8809a865baa8bf6689d528c77ca35f6a04ee0625a
Opcode Fuzzy Hash: 387723a9a3c485fdb3b405c2a20d84fc7d79bb98bcb1a4c4232494316769f497
Instruction Fuzzy Hash: F3716774218700DFD7248F20ECA4B26B7F6FF89314F118978E9568BA62C731A816DF60

Function 009299D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed29b12613d66ca896f29c594ed86250594bbb2b21c7f9724657faf3adff32ad
Instruction ID: 1453c3aa7c2f8cc5805cb4e9253f28a6037654f8ca85c89633052199ab1418d6
Opcode Fuzzy Hash: ed29b12613d66ca896f29c594ed86250594bbb2b21c7f9724657faf3adff32ad
Instruction Fuzzy Hash: F041DE34609320ABD714DB15F891B2BF7FAEB89710F54882CF58A97255D330E801CBA2

Function 009263B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 08dd73affb7e6b51d942daaf7264880126f59e3aaebd561afd6a62843cdd2023
Instruction ID: f8b52674f22b839da6e69a942fd03df6939d69084d266d0ae0f49a887d20cd51
Opcode Fuzzy Hash: 08dd73affb7e6b51d942daaf7264880126f59e3aaebd561afd6a62843cdd2023
Instruction Fuzzy Hash: 6431C170649311BAD624EA04ED82F3AB7A6FB84B11F648918F5C25A2E9D370AC11DB52

Function 008F0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f9988a0fc1480826263ab819040cac8b97c7ceea892df17283ad53f550f359
Instruction ID: 956b4dec3d9b585331a44a36b1bdddbb0d9994d76f5ad2b729dae295ae2c9f10
Opcode Fuzzy Hash: d8f9988a0fc1480826263ab819040cac8b97c7ceea892df17283ad53f550f359
Instruction Fuzzy Hash: C62109B490426A9FDF15CFA4CC90BBEBBB1FB4A304F144859E511BB292C735A911CF64

Function 00923220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 009232A6

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 688b95c806c65e2c959dae2a36f8c4ebaebbf9de43ecb65c19ff4e349843b2f7
Instruction ID: 92a4a4c419f69950ba2378f767daaa6a2c5c28c1890a36170d475dc19f778dbf
Opcode Fuzzy Hash: 688b95c806c65e2c959dae2a36f8c4ebaebbf9de43ecb65c19ff4e349843b2f7
Instruction Fuzzy Hash: 1B01463450D250DBC701AB18E895A1ABBE8EF9AB00F45891CE5C58B361D239DD60DFA2

Function 00923202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00923208

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4ad2af99988c0e581ece50aa6fbc4959cfa6de93e9a4b5c30df3f57eb539a803
Instruction ID: 7e38af6d186db49e31584aecc09c701278a55572036cf5617742e8ce52d06a7d
Opcode Fuzzy Hash: 4ad2af99988c0e581ece50aa6fbc4959cfa6de93e9a4b5c30df3f57eb539a803
Instruction Fuzzy Hash: 99B012700500005FDB041B00FC0AF003510EF00605F800050A101040B1D1615964D994

Non-executed Functions

Function 008FDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

dcba, xrefs: 008FE728
AR, xrefs: 008FDD10
|, xrefs: 008FECB1
%*+(, xrefs: 008FDE37, 008FDE46
QNOL, xrefs: 008FE775
lkji, xrefs: 008FE73E
:WUE, xrefs: 008FF6B7, 008FF6C6
DCBA, xrefs: 008FE887, 008FE896
tuJK, xrefs: 008FE967
89&', xrefs: 008FE93B
tsrq, xrefs: 008FE6FC
()./, xrefs: 008FE9CA
T, xrefs: 008FF157
WP, xrefs: 008FDCEF
`onm, xrefs: 008FE733
89>?, xrefs: 008FE9F6
xgfe, xrefs: 008FE71D
@ONM, xrefs: 008FE6DB
`Y^_, xrefs: 008FE99E
<=2, xrefs: 008FEA01
mjkh, xrefs: 008FE7D8
<=:;, xrefs: 008FE930
LKJI, xrefs: 008FE6E6
D, xrefs: 008FE846

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 2cce115ca7685d1c84ab1eb043359fa590a7946c4b4873bfa63a41ccd1152785
Instruction ID: a245e640f64a151a436c38956494f01bfe8e7b37af065dc598b058556678d0d8
Opcode Fuzzy Hash: 2cce115ca7685d1c84ab1eb043359fa590a7946c4b4873bfa63a41ccd1152785
Instruction Fuzzy Hash: 70F267B05093859BD770CF24C484BABBBE6FFD5344F14482CE6C98B292DB359985CB92

Function 009123E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

`tii, xrefs: 00912693
f@~!, xrefs: 009125FF
|}&C, xrefs: 00912F21
mlc@, xrefs: 0091275C
%*+(, xrefs: 009140EF
{l`~, xrefs: 0091268C
:, xrefs: 009132DD
fedc, xrefs: 00912782
ggxz, xrefs: 00912685
3<, xrefs: 009132D6
aenQ, xrefs: 0091276A
Cx, xrefs: 0091453D

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: c596e47fc46b4f407f379a7ea4a9fd9be950b86271b1f2bccd464ee3ddb1505d
Instruction ID: 30518c3b2ee00caba80e0e7d9428cef824adad5175398940b249266d0059f683
Opcode Fuzzy Hash: c596e47fc46b4f407f379a7ea4a9fd9be950b86271b1f2bccd464ee3ddb1505d
Instruction Fuzzy Hash: 7733CE70604B818FD7258F38C5907A2BBF1BF56304F58899DE4DA8B792C735E846CBA1

Function 00909F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

?m,o, xrefs: 0090A13C
(a*c, xrefs: 0090A147
WH, xrefs: 0090AA1C
sm, xrefs: 0090A830
=], xrefs: 0090A36A
%e6g, xrefs: 0090A152
hi, xrefs: 0090AB9D
WQ, xrefs: 0090A62B
JG, xrefs: 0090AA27
N[, xrefs: 0090A375
]{, xrefs: 0090A1E7, 0090A1F3
kW, xrefs: 0090A380
S], xrefs: 0090A636
CG, xrefs: 0090AA32
/), xrefs: 0090A66D
_Y, xrefs: 0090A641
Gt, xrefs: 00909FF8

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 64c2f5c57a14a3158721fc1b696ef835542104341da95cedae2e4dc6e09a436e
Instruction ID: d7b59cdd4027641196ecf89a63ab0d02896b76b0d1a9267c18901e67b00e1ae8
Opcode Fuzzy Hash: 64c2f5c57a14a3158721fc1b696ef835542104341da95cedae2e4dc6e09a436e
Instruction Fuzzy Hash: 2052C6B444D385CAE274CF25D681B8EBAF1BB92740F608A1DE1ED9B255DBB08045CF93

Function 00909510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

O+f), xrefs: 00909634, 0090963D
B7U1, xrefs: 00909AFB
?M0K, xrefs: 00909968
B?Q9, xrefs: 00909B0B
G'M!, xrefs: 00909ADB
,A&C, xrefs: 0090982E
X/R), xrefs: 00909AEB
;IJK, xrefs: 0090983E
2A"_, xrefs: 00909980
G+X5, xrefs: 00909AF3
!E4G, xrefs: 00909836
T#a-, xrefs: 00909AE3
L3Y=, xrefs: 00909B03
8;, xrefs: 00909B13
z=Q?, xrefs: 00909826
pq, xrefs: 009099E0

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 7b11963786b3b56987b964a6acd16c5703b9b7cd0b7529ee7e9067d1d1a5cd94
Instruction ID: 9fe8cd8b83d54212a3b142edead9e199bb0eb432988916465972d24e36ba1e35
Opcode Fuzzy Hash: 7b11963786b3b56987b964a6acd16c5703b9b7cd0b7529ee7e9067d1d1a5cd94
Instruction Fuzzy Hash: 09F12CB4508380AFD310DF15D891A2BBBE4FB86B48F144D1CF5D99B292D374D908CB96

Function 0090DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

{E, xrefs: 0090E323
=]+_, xrefs: 0090E276
-M2O, xrefs: 0090E25A
)IgK, xrefs: 0090E261
Y9N;, xrefs: 0090E245
upH}, xrefs: 0090DE8A, 0090E798, 0090DF4A
<Y.[, xrefs: 0090E27D
%*+(, xrefs: 0090E143
n\+H, xrefs: 0090DDC0
hX]N, xrefs: 0090DDC7
,Q?S, xrefs: 0090E26F

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 97943e56d09cc65a01f1ffa4c8a8cc823c273bd14a470e1b53a3b0079fd14b18
Instruction ID: 3d916d270bdf150b4ea17c17dc8ee85108063f0def03bd12dfa75f71dd89f5c7
Opcode Fuzzy Hash: 97943e56d09cc65a01f1ffa4c8a8cc823c273bd14a470e1b53a3b0079fd14b18
Instruction Fuzzy Hash: 3792E1B1E04215CFDB04CF68D8516AEBBB2FF89310F298568E456AB3A1D735AD41CF90

Function 0090098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

9.5^, xrefs: 00900F9F
&> &, xrefs: 00900F89
cah`, xrefs: 0090107E
{, xrefs: 00901502
qrqp, xrefs: 00901089
%*+(, xrefs: 00900A77, 00900A86
gce/, xrefs: 00901073
,#15, xrefs: 00900F94

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: b648aa7a32b2ba96e5703830ba73d0725ed3a140b78f14b45b709cce4599000e
Instruction ID: c5fae8d16d502a87614191abdf5ba78739c1759da6a87d1905a2d72a55a0cbbe
Opcode Fuzzy Hash: b648aa7a32b2ba96e5703830ba73d0725ed3a140b78f14b45b709cce4599000e
Instruction Fuzzy Hash: 8A6296B16083818FD7308F18D895BABBBE5FF96314F08492DE49A8B691E3758940CB53

Function 008E1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

gfff, xrefs: 008E22E1
@, xrefs: 008E2C40
0123456789ABCDEFXP, xrefs: 008E157D, 008E15EB
0123456789abcdefxp, xrefs: 008E1587, 008E15F8
-, xrefs: 008E21ED
gfff, xrefs: 008E2297
gfff, xrefs: 008E2226

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 35eec4bcf71f960fbd8b7f9d84aeed3a793a272ad4b00f1f4726260b690cc098
Instruction ID: 7000928b290059c6f894183d1b7899d0209e9099d56b0c304a3ce4dcda3c21b2
Opcode Fuzzy Hash: 35eec4bcf71f960fbd8b7f9d84aeed3a793a272ad4b00f1f4726260b690cc098
Instruction Fuzzy Hash: 42D2F1716083918FC718CE2AC89436ABBE2FBD6314F188A2DE599C7391D774DD45CB82

Function 00ABEAE6 Relevance: 10.3, Strings: 7, Instructions: 1595COMMON

Download Yara Rule

Strings

97_o, xrefs: 00ABF5EB
Bs, xrefs: 00ABFA04
FL=, xrefs: 00ABECAB
ho, xrefs: 00ABF1AD
e?V_, xrefs: 00ABFBF7
O$\, xrefs: 00ABF0AB
fby, xrefs: 00ABF1F0

Memory Dump Source

Source File: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: 97_o$Bs$FL=$O$\$e?V_$fby$ho
API String ID: 0-278485656
Opcode ID: 48b3230ae26c44310281da8c8c23823207c1c1b9856f91654c1362ee717ddbe3
Instruction ID: 90a28e2f99a906e410ed9d31a1f61e3839f29b5640469805ccf1e056df2dfea5
Opcode Fuzzy Hash: 48b3230ae26c44310281da8c8c23823207c1c1b9856f91654c1362ee717ddbe3
Instruction Fuzzy Hash: 8DB2E5F3A082049FE304AE2DDC4567ABBE9EF94720F1A893DE6C4C7744E63598118797

Function 00AB6488 Relevance: 9.1, Strings: 6, Instructions: 1611COMMON

Download Yara Rule

Strings

B~{, xrefs: 00AB75B9
B~{, xrefs: 00AB75C7
`Z6o, xrefs: 00AB6E21
[>"&, xrefs: 00AB72F5
JF7, xrefs: 00AB6A34
]N, xrefs: 00AB6C72

Memory Dump Source

Source File: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: B~{$B~{$JF7$[>"&$]N$`Z6o
API String ID: 0-3083808329
Opcode ID: 77ab83a06e145aa648f9f32dcaae55d79c6d5ff99558140ac9928e289efc0b94
Instruction ID: 80ad48ea1efa3083e5322414d8f63e5f9f4fbcee8ad5ec3085561e6bc86cd33a
Opcode Fuzzy Hash: 77ab83a06e145aa648f9f32dcaae55d79c6d5ff99558140ac9928e289efc0b94
Instruction Fuzzy Hash: 9AB206F3A0C2049FE304AE2DEC8567AFBE9EF94720F164A3DE6C4C3744E67558058696

Function 00AB99DC Relevance: 7.9, Strings: 5, Instructions: 1679COMMON

Download Yara Rule

Strings

:YW^, xrefs: 00ABAC3C
b*c^, xrefs: 00ABA5F2
&?, xrefs: 00ABAC80
Of/, xrefs: 00ABA449
Z6_o, xrefs: 00ABA626

Memory Dump Source

Source File: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: &?$:YW^$Z6_o$b*c^$Of/
API String ID: 0-2273675
Opcode ID: 0561632612c3cd909b1de1b431b977d26aca147651260719149b4917a6c842cc
Instruction ID: 54c1a6c729de496576e91885a31a4d6c2ba72693f08aab2bfab27de4777dcf8d
Opcode Fuzzy Hash: 0561632612c3cd909b1de1b431b977d26aca147651260719149b4917a6c842cc
Instruction Fuzzy Hash: 51B248F3A082149FE3046E2DEC85B7ABBE9EFD4720F1A453DEAC4C3744E93558058692

Function 008E12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 008E28EA
0, xrefs: 008E243E
0, xrefs: 008E1DC1
0, xrefs: 008E1E88
@, xrefs: 008E3531

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 5e5f33e4d87e85824c1fead212d7ce6d3477a56706f2ea52a53c967aa0e7ea8e
Instruction ID: 583d126004b971ad351cf532774dd2ced285595ef617ffb2e735b6846cfa600a
Opcode Fuzzy Hash: 5e5f33e4d87e85824c1fead212d7ce6d3477a56706f2ea52a53c967aa0e7ea8e
Instruction Fuzzy Hash: 2462D07160C3C18BD718CE29C49476ABBE5FBD6308F188A2DE8D9C7291D774D949CB82

Function 008E164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 008E1F3C
0123456789ABCDEFXP, xrefs: 008E164F
+, xrefs: 008E1573
0123456789abcdefxp, xrefs: 008E1659
gfff, xrefs: 008E1F57

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 6a10f443551906ebb90279dfadd6e8891d82594e94d0030b2a47e78379df418f
Instruction ID: 9560722e23cdfba74a37b7aeb6183373c51f2c30b69901c457cd2ee6cae5ac34
Opcode Fuzzy Hash: 6a10f443551906ebb90279dfadd6e8891d82594e94d0030b2a47e78379df418f
Instruction Fuzzy Hash: CDF1C03160C7818FC715CE2AC48466AFBE2BBDA308F188A6DE4D9C7352D734D945CB92

Function 008E13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

-, xrefs: 008E1F23
gfff, xrefs: 008E1F3C
0123456789ABCDEFXP, xrefs: 008E13A3
0123456789abcdefxp, xrefs: 008E13AD
gfff, xrefs: 008E1F57

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: f99057d50777b1b85c3abb15dfa1eb045cfd311ebd8fd74e6e9f74066d118f2a
Instruction ID: d6b1c1b1dc9dba0e478f5d1a25da49d737b920b3df12000c58dd83c5082a5b17
Opcode Fuzzy Hash: f99057d50777b1b85c3abb15dfa1eb045cfd311ebd8fd74e6e9f74066d118f2a
Instruction Fuzzy Hash: 8BD18E3160C7918FC715CE2AC48466AFFE2BBDA308F088A6DE4D9C7356D634D949CB52

Function 0090FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

NA_I, xrefs: 0091036D
uvw, xrefs: 0090FE95
m1s3, xrefs: 0090FEC3, 0090FECB
:, xrefs: 00910087

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 457d303e45413b4077b6290afb7416a4588cda3da9e6e7824222cf652f99c139
Instruction ID: f78f65c4b5b540fc1793820cf2684255b57919b905494b1628022ab09108ddea
Opcode Fuzzy Hash: 457d303e45413b4077b6290afb7416a4588cda3da9e6e7824222cf652f99c139
Instruction Fuzzy Hash: B732A9B061C385DFD311DF29D880A6ABBE5BB8A300F14492CF5D58B2A2D376D985CF52

Function 008F3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 008F3C80
%*+(, xrefs: 008F3EC4
ss, xrefs: 008F3C79
;z, xrefs: 008F3C87

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 2cee8cebdab8472dde7e314122c0102c34c17256e9c30867253f0aed3fe3b77e
Instruction ID: 91fdbbf14e8ffa2ed75ed027044806473096c3d48c29aaa577a5f2dc0f48cff4
Opcode Fuzzy Hash: 2cee8cebdab8472dde7e314122c0102c34c17256e9c30867253f0aed3fe3b77e
Instruction Fuzzy Hash: 0D026BB4810B00DFD760EF39D986756BFF4FB05300F50895DE99A9B646E330A419CBA2

Function 00902260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

sj, xrefs: 00902327
lc, xrefs: 00902507
a|, xrefs: 00902317
hu, xrefs: 0090232F

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 83e5bd3112a17b874a47a34d33f9491926b3aca019ff383298cb0e85fb289cf4
Instruction ID: 03d9dbf5fa93c086eeaa89992ced8643d912a2f6ab0b837a1f1e7fbddc3f0334
Opcode Fuzzy Hash: 83e5bd3112a17b874a47a34d33f9491926b3aca019ff383298cb0e85fb289cf4
Instruction Fuzzy Hash: 34A17AB44083418FC720DF18C895A2BB7F4FF96754F588A0CE8D99B2A1E339D945CB96

Function 0090D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

KV, xrefs: 0090D97D
CV, xrefs: 0090D98B
#', xrefs: 0090D9EA
T>, xrefs: 0090D984

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 60b87213e70c7030e7030b6dcdda94ff4797bf726399e109fefb3a12626287c6
Instruction ID: 4e9c24aa3d95d955b31fed346d7c669c005694a6fb0ceacd4edaea165d000e75
Opcode Fuzzy Hash: 60b87213e70c7030e7030b6dcdda94ff4797bf726399e109fefb3a12626287c6
Instruction Fuzzy Hash: 4E8145B48017499FDB20DF95D28516EBFB1BF12300F605A08E8866BA95C374AA55CFE2

Function 0090AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 0090ACA9
,{*y, xrefs: 0090AD07, 0090AD13
(g6e, xrefs: 0090ACA1
lk, xrefs: 0090ACBC

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: e67fcf6a0c1d0159a25494d78dfc82bb2d1402874cc694df60dfec7c61258e8b
Instruction ID: 2103b44fd89a7bfdbd3072f9402758ad7314beb27efade0f56468c330dd686d6
Opcode Fuzzy Hash: e67fcf6a0c1d0159a25494d78dfc82bb2d1402874cc694df60dfec7c61258e8b
Instruction Fuzzy Hash: DA4161B44183828AD7209F20D940BABB7F4FF86705F54995DE5C8972A0EB32D944CB96

Function 0090C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0090C8C3, 0090C8CB
~/i!, xrefs: 0090C537
%*+(, xrefs: 0090C9E4, 0090C9ED

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: ce1994bc8de06d3a83c9e2126c9978ebe386a824e47b7cb44184f81aaae6e939
Instruction ID: d2c9b150a9b8a0aecceff43a039df606ae157288cab7dcd36e4e261018a718bc
Opcode Fuzzy Hash: ce1994bc8de06d3a83c9e2126c9978ebe386a824e47b7cb44184f81aaae6e939
Instruction Fuzzy Hash: DEE185B551D340EFE3209F64D881B2ABBE9FB85344F48892CE6D9872A1D731D815CF92

Function 00AC05F9 Relevance: 4.1, Strings: 2, Instructions: 1563COMMON

Download Yara Rule

Strings

Z\+, xrefs: 00AC1619
BGu, xrefs: 00AC1195

Memory Dump Source

Source File: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: BGu$Z\+
API String ID: 0-3594049236
Opcode ID: c4239c1918f834db861af9eccb85b04dc6d2cbaf849b4c90240f12b35dda0282
Instruction ID: fc542749800c5e9fafa5c1b8c68e7a8f23d9138254b3bdf6fd7b4265a478982b
Opcode Fuzzy Hash: c4239c1918f834db861af9eccb85b04dc6d2cbaf849b4c90240f12b35dda0282
Instruction Fuzzy Hash: F7B215F360C2049FE7086E2DEC8577ABBE9EF94720F1A493DEAC483744E63558058697

Function 00924040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009240A4, 009240AD
f, xrefs: 0092420C

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: e1357e29f0a01cfabdead0ccf3e6e26a607c8889652294c04c9b7f92e52a1e65
Instruction ID: 3140dd3024116bfac1b16e4c7ee4a4f9fbe8812c61d5876e1b5800e7aede7d6b
Opcode Fuzzy Hash: e1357e29f0a01cfabdead0ccf3e6e26a607c8889652294c04c9b7f92e52a1e65
Instruction Fuzzy Hash: F1129B715083519FC714CF18E880B2ABBE9FB99314F188A2CF4A58B295D735E945CF92

Function 0091F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 0091F6E6
dg, xrefs: 0091F7F5

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: e8bedf6b70296cb15a77cf5f477c5ec921dd5f4469f087c6931fec52cf2d567c
Instruction ID: 66fcdab931d8a3ef01d4e9dc6ac41636ae2a28a12b0018254de1a03eda41963c
Opcode Fuzzy Hash: e8bedf6b70296cb15a77cf5f477c5ec921dd5f4469f087c6931fec52cf2d567c
Instruction Fuzzy Hash: 56F19471618306EFE304CF24D8A1B6ABBE6FB86344F14896CF1958B2A1C734D985CF12

Function 008E35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 008E360E
Inf, xrefs: 008E3607

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 95219f8c437d99991bc6c76567851edcfa4dc4f600d81dece543ce8829c23be2
Instruction ID: a7f4cb9a5840428f84a7b0f04128341c16d7b23706d9d90b408510d539314ac3
Opcode Fuzzy Hash: 95219f8c437d99991bc6c76567851edcfa4dc4f600d81dece543ce8829c23be2
Instruction Fuzzy Hash: 9ED1F371A083519BC714CF2AC88461ABBE1FBC9750F248A3DF999D73A1E771DD058B82

Function 008FFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 009000F6
BaBc, xrefs: 00900197

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: c1623aa4316cdc64461e0e50d4464bf7efb14f504f79a6ccb5eed78b351561ba
Instruction ID: 7d3f926b74ce9e9a13be2ef806a1ed3ef86cc8dcfbd1a7aed30502a90b548be2
Opcode Fuzzy Hash: c1623aa4316cdc64461e0e50d4464bf7efb14f504f79a6ccb5eed78b351561ba
Instruction Fuzzy Hash: 095177B1A083818ED7318F18C881BABB7F4FFD6360F19491DE49A9B691E3749940CB57

Function 00B5780F Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

>S;~, xrefs: 00B57879
Z'o, xrefs: 00B578D3

Memory Dump Source

Source File: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: >S;~$Z'o
API String ID: 0-3845827107
Opcode ID: d07b22e6996a35a4254320a87ea4c18af16514f1d13518804424161ba5ab56fa
Instruction ID: 7e5fc55db20977335aaee8745798f1c84253d25268c716f919449411e4069b82
Opcode Fuzzy Hash: d07b22e6996a35a4254320a87ea4c18af16514f1d13518804424161ba5ab56fa
Instruction Fuzzy Hash: 80413AB378C201EBE3086D29FCD9736B7C99B54312F3605EEDE8392740ED6554089563

Function 008E5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 008E54C8

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 037e7b8ccfb217384f3f59e70a82fcbfc052b27b664334ce518f70c5b4112a6c
Instruction ID: 527fd40ad4ef6e86031ad8af619354137049452873895eaa277b56e0a81ef7c3
Opcode Fuzzy Hash: 037e7b8ccfb217384f3f59e70a82fcbfc052b27b664334ce518f70c5b4112a6c
Instruction Fuzzy Hash: 9422D3B6A08B828BE7158E1AD940327BBA2FFE230CF19856DD859CB391E771DC14C741

Function 009112D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 009115D1

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 385daf6d87e6e053ed02f6a4a4144d8edd16040e9c29ca025f1b6c7e6735f58f
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: DCF14871B083496FC725CE28C4507ABBBEAAFC5350F18C96DE99987382D634DC85C792

Function 0090AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0090B2D3, 0090B2DB

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9014ff3a16e1c1fd0ac0b7aa993ee9df9c820e962adc611cb95aadc385e3a215
Instruction ID: 17c7b01e632d7dac535f58c5342d804447dd976dc3af1e9895ef933622cb6b28
Opcode Fuzzy Hash: 9014ff3a16e1c1fd0ac0b7aa993ee9df9c820e962adc611cb95aadc385e3a215
Instruction Fuzzy Hash: 69E1A771508306CFC728DF28C89056EB3F6FF98781F64891CE5C5872A4E335A999DB82

Function 008F6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008F6EF3

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 085d7c4afb0a8b60f0b0f853bf04453ef48508ae91f3938aa7ba8fc1d808c83c
Instruction ID: 24b0ccb8e95cc48fd100da7b3b15140a8c25174bf4607a55fa1942483767f85d
Opcode Fuzzy Hash: 085d7c4afb0a8b60f0b0f853bf04453ef48508ae91f3938aa7ba8fc1d808c83c
Instruction Fuzzy Hash: B3F17BB5A14A098FC724DF38D891A26B3F2FF49314B148A3DD597C7691EB31E825CB41

Function 00907E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00908263, 0090826B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 90a1ff5b8382e3931e0c3c15f53fdb61ea9b1a5b8f0db8d937e91cdcedc2fc9c
Instruction ID: 46775dc336b55ff6ac7e8ac81d5fef48d9e720b902f4b97059ea479009026404
Opcode Fuzzy Hash: 90a1ff5b8382e3931e0c3c15f53fdb61ea9b1a5b8f0db8d937e91cdcedc2fc9c
Instruction Fuzzy Hash: 94C1B071A08311AFD710EB18C882A2BB7F9EF95754F484818F8C597292E735ED15CBA3

Function 00908D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00909233, 0090923B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 84dd84b1065d4d9288c395876abeea2dfdb0ad527669bed20771817c22c49ef9
Instruction ID: 84ee7d8839bc2fffb8adcc1642a11ef260bc3927b8b8ef12a00326d61cbd0602
Opcode Fuzzy Hash: 84dd84b1065d4d9288c395876abeea2dfdb0ad527669bed20771817c22c49ef9
Instruction Fuzzy Hash: 2DD1AC70628302DFD704DF68E8A0A2AB7E9FFC9314F49886CE89687291D735E950DF51

Function 00927FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00928167

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 1fdeab5fb0b0b58901c5140b98921afe592e55d111aba6f2233621aebccd6c56
Instruction ID: 80ef59ffb3cd0cc0b03841454e378654448c8e5c2941a819a13d6b2766fd431d
Opcode Fuzzy Hash: 1fdeab5fb0b0b58901c5140b98921afe592e55d111aba6f2233621aebccd6c56
Instruction Fuzzy Hash: 65D1E5729093718FC725CE18A89071FB6E1EB84758F158A2CE8B5AB399CB75DC06C7C1

Function 0090CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0090CDC3, 0090CDCB

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 121cd12d6a8e3718624c9e9b8244f92dd7feeccd724db5666762685435942fdf
Instruction ID: b4bd7fdeb211f8bf57d96a0c4143dce2c46922e39614f0615c94c36db3bf51ed
Opcode Fuzzy Hash: 121cd12d6a8e3718624c9e9b8244f92dd7feeccd724db5666762685435942fdf
Instruction Fuzzy Hash: 7FB1F0B0A093069FD714DF58D880B2BBBF6EF96340F144A2CE5C59B291E335E855CB92

Function 0091FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0091FCA4, 0091FCAD

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 6e83f44f6a21d063fab5f846e665c9670f234935e0082e7bc84d1185e055c837
Instruction ID: e1f14be2e7df81bdabc60cf9a272c9da0dd0f0284511d0a98983eba2e098cf98
Opcode Fuzzy Hash: 6e83f44f6a21d063fab5f846e665c9670f234935e0082e7bc84d1185e055c837
Instruction Fuzzy Hash: A481DEB0218309EBD710DF54E895B2AB7E9FB89701F04882CF5C587291D734D954DBA2

Function 008FD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008FD663, 008FD66B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 40753ce40724466f47ea163555b0ce55c1dd311f5bc55610d285fcf84ce547d9
Instruction ID: 89ea7461c51fb9d0bfd1e65819e771f2c68e252fd2d2ebe52f7120943150665d
Opcode Fuzzy Hash: 40753ce40724466f47ea163555b0ce55c1dd311f5bc55610d285fcf84ce547d9
Instruction Fuzzy Hash: 7F61C3B1908319DBD710EF68DC92A3AB3B1FF99354F080528FA85CB251E335D915DB92

Function 00924A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00924C33, 00924C3B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b64e559049ce8f550e3fb86481374db3d91f84d664a34cf750ef3d8481493423
Instruction ID: f21c5aa2f1db08aefd286dc276aef247d2a496897847b1071d6dbfbd83c029f6
Opcode Fuzzy Hash: b64e559049ce8f550e3fb86481374db3d91f84d664a34cf750ef3d8481493423
Instruction Fuzzy Hash: F861E17160D3219BD711DF29E880B2EB7EAEBC4314F19892CE9C587299D771EC50CB92

Function 008EE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 008EE333

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 632e5530aa74809af99f41621dcf78552e50c0eceaea2057ccb78ba98e490801
Instruction ID: 5ebae0d48f217884ff71e315f68e633b086eaf7507e999133ac5559de4aae122
Opcode Fuzzy Hash: 632e5530aa74809af99f41621dcf78552e50c0eceaea2057ccb78ba98e490801
Instruction Fuzzy Hash: 33513623A1D6D04BD328893E5C512AA7A876BA3338B3DC769FAF1CB3E5D55588019380

Function 00923920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009239E3, 009239EB

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e5b38ed70cbded5f5381af224fbad8af0b8f243024691d45a17a2a6dc990a691
Instruction ID: c60b9ff49e4c14d4274748c6c1ef5e3a813353e7f1ad714507839ae36349fd62
Opcode Fuzzy Hash: e5b38ed70cbded5f5381af224fbad8af0b8f243024691d45a17a2a6dc990a691
Instruction Fuzzy Hash: F151C134619210DBCB24DF19E880A2EB7E9FF89704F14C82CE4C687255C33ADE50DB62

Function 0095A3CE Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

|0^~, xrefs: 0095A577

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: |0^~
API String ID: 0-3074623817
Opcode ID: 556ea2fe3e55c3ad7f38df02fb6aa95f435ee4f2abb38c27fa4a59d37b1f652f
Instruction ID: a32252d0cf7cdba91772bbafea0b3e20fa878d4530ae8df4c48854a51df6414a
Opcode Fuzzy Hash: 556ea2fe3e55c3ad7f38df02fb6aa95f435ee4f2abb38c27fa4a59d37b1f652f
Instruction Fuzzy Hash: 7151E1B391D2109FE3086E29DC547BAFBE6EF94720F26452ED6C483784DA3848408B96

Function 008F1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 008F1C3E

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: c2b510b95ba467fb9fef37428be32da0c871dbd205a343c446dd67bbada166df
Instruction ID: 0df7e335193d5e63c184eb206fef19350b58f63628bd7918a7b68f50712890b0
Opcode Fuzzy Hash: c2b510b95ba467fb9fef37428be32da0c871dbd205a343c446dd67bbada166df
Instruction Fuzzy Hash: 724142B401C3849BCB14AF24C894A2BBBF0FF86354F04891CF6C59B291D736D9158B56

Function 0091FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00920033, 0092003B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 3c2dd37e4e7b2a4f7fbd22d715c6ef66efb37bb3acb513515bff1aee56520de8
Instruction ID: d469d5cc1b81cbd670e72a95bceed68eb1f8652bcc33b271ae2cdceb81436ae6
Opcode Fuzzy Hash: 3c2dd37e4e7b2a4f7fbd22d715c6ef66efb37bb3acb513515bff1aee56520de8
Instruction Fuzzy Hash: F531B2B1A48325ABE610EA54EC81F2BB7E9EBC5744F544828F88597257E231D814C7A3

Function 0090E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 0090E6A2

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: da5eff9787ec7a0175395b20bfd03753b60678c92c988ab26692553d430fe580
Instruction ID: 60f37f8648c7509cfdd21cab5b415b5bb2dbf5fe344dd29d59c2f8544e305556
Opcode Fuzzy Hash: da5eff9787ec7a0175395b20bfd03753b60678c92c988ab26692553d430fe580
Instruction Fuzzy Hash: BE31E4B5E04245CFCB20CF99E8806AFB7B4FB5A744F140868E446A7351C335A905CFA2

Function 008F6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008F703B

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 71e7969be160cdbe0cf25301b1ae08922177b82abc0700a2f0a9e45a0d4420fc
Instruction ID: 40a242adec9aabc2947fda34f29e588ce460039badb3c39d17e4e68fec90f1bd
Opcode Fuzzy Hash: 71e7969be160cdbe0cf25301b1ae08922177b82abc0700a2f0a9e45a0d4420fc
Instruction Fuzzy Hash: 21415771215B08DBE7348B65D990B26B7F2FF49700F14891CE68A9BAA1E731F810CF20

Function 0090E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 0090E6A2

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 5907cd37b5bca17ad1582927a1bde3321278ab64695573b6192dec36acd05111
Instruction ID: 4706fed6f5f31a1f78afbb0c52bd945ab4b6a545ce907e8213a06830aaaaefbe
Opcode Fuzzy Hash: 5907cd37b5bca17ad1582927a1bde3321278ab64695573b6192dec36acd05111
Instruction Fuzzy Hash: 7B21D1B1904204CFC720CF95E88066FBBB5FB1A744F14082CE446AB351C335AD01CFA2

Function 00929CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00929D30

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: ce3d9f7ccdbc7cdc85dc8e7dd6d3649f110aba5a2f9bf9c396f3bbdd509b59e2
Instruction ID: e60f3b63ff023bb70c461f724c4fc8a09ed78bdbd4c5e9e92831dd3736ab44c8
Opcode Fuzzy Hash: ce3d9f7ccdbc7cdc85dc8e7dd6d3649f110aba5a2f9bf9c396f3bbdd509b59e2
Instruction Fuzzy Hash: 183154709093009BD314EF19E880A2AFBF9FF9A314F54892CF6C997295D335D904DBA6

Function 008F4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c14e3840b2ddda989b7fb981631ba47e05a5cb3a77834ead98d60b693fa5afef
Instruction ID: 2e57924cba2a26e97950d64ef12f63327485b2250d43d2e687888638cae6409a
Opcode Fuzzy Hash: c14e3840b2ddda989b7fb981631ba47e05a5cb3a77834ead98d60b693fa5afef
Instruction Fuzzy Hash: CB6246B0510B448BD7258F28D990B27BBF5FF5A700F54892CD69ACBA52E734F804CB91

Function 008EBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 5c11792751d1c4f3fb8b96bd823ec70b5610c74d551a7b2d0ab0979d3e1cb76a
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 7F521632D087558BC7259F1ED8402BAB3E1FFD6319F294A2DD9D6D3280D734A852CB86

Function 00928652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d77ad126b44345192c44d16ebff01575875ad458cda50b4ecc05fe64e4b5f1
Instruction ID: 0b1aa94272bc3dabbb5d7f6a8874e3f7cf823aa0442914c1d7b771844921bbdc
Opcode Fuzzy Hash: 13d77ad126b44345192c44d16ebff01575875ad458cda50b4ecc05fe64e4b5f1
Instruction Fuzzy Hash: B122C83561D351CFC704DF68E89062ABBE1FB9A315F0A886DE98987361C735E850DF82

Function 009286F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f5741dfb9b99633f01b853f21f4f96848435d8c9bdf3b9e77e2091924c89ec
Instruction ID: 33e935aed973ee13762c18bb80f10ea6b29b66ee8cd8dfb128c4c31aa572bce0
Opcode Fuzzy Hash: 89f5741dfb9b99633f01b853f21f4f96848435d8c9bdf3b9e77e2091924c89ec
Instruction Fuzzy Hash: 3A22B73561D350DFC704DF68E89062ABBE5FB9A305F0A896DE48987361C735E850DF82

Function 008EB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2045a78a5c60ff48a0395e9c5a5fd8c97fb8d94183ab5b5d8404e603542685a5
Instruction ID: 9f84180de26204f9e3a9c07b340d04aad6969ec9bd098cdf98e23f80d797e059
Opcode Fuzzy Hash: 2045a78a5c60ff48a0395e9c5a5fd8c97fb8d94183ab5b5d8404e603542685a5
Instruction Fuzzy Hash: 0852B370908BC99FE735CB25C4847A7BBE2FF92314F14482DC5E686B82C779A885CB51

Function 008E71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 837bf82cf8fc1640cad0965b62dd52e3081be37f69f042f3d17e18c652a4795b
Instruction ID: 590d332a4dd6ab965454e7166634f0e9c52bb5001a5ec6376097a6c7d8948016
Opcode Fuzzy Hash: 837bf82cf8fc1640cad0965b62dd52e3081be37f69f042f3d17e18c652a4795b
Instruction Fuzzy Hash: 7452C43150C3958FCB15CF2AC0806AABBE1FF8A318F198A6DE8D997351D774D949CB81

Function 008E8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 831cb846493de8bd8761281901f582f9c06933893a60a597ea22bb6b68d43730
Instruction ID: c5f35ee270807459e2413d193b85ccaa5de6555edad5bd3af3aa516dc25a36e9
Opcode Fuzzy Hash: 831cb846493de8bd8761281901f582f9c06933893a60a597ea22bb6b68d43730
Instruction Fuzzy Hash: E0429475618341CFD718CF28D8907AABBE1FB89315F08886CE4858B3A1D375D986DF82

Function 008E7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1894e511e5d299bde09b2b5e167b72cf1c206c1546953e2bcfcb34ac71fb00
Instruction ID: 33ee9a7f96f8cb774ebae177ecdfa8bbc3e3ac7eec82acf3719c00be41c1ac69
Opcode Fuzzy Hash: 4c1894e511e5d299bde09b2b5e167b72cf1c206c1546953e2bcfcb34ac71fb00
Instruction Fuzzy Hash: 6432F270518B95CFC368CE2AC59052AB7F2FF46710B604A2ED6A787B90DB36F845CB10

Function 009289A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5588997b8faea2997da8b8ba3ce7a0328e11ef6ccbe7b3838782b400bdb70762
Instruction ID: 1dedbc913c3a77c1e08bd4ece58510bcabdd8338772a3057c9326c4a8cdd88f5
Opcode Fuzzy Hash: 5588997b8faea2997da8b8ba3ce7a0328e11ef6ccbe7b3838782b400bdb70762
Instruction Fuzzy Hash: 7F02A93561C251DFC704DF68E880A2ABBE5EF8A305F0A896DE4D587361C336E854DF92

Function 00928A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7289f63b6486ded1d3101bbfa7bb3d1be83a45806ccf8b715dda7a2465a1fc7d
Instruction ID: 5bf98fc23e2959fdd72b04eed83ac27af9596861df3130e3684d5b0b11c6b252
Opcode Fuzzy Hash: 7289f63b6486ded1d3101bbfa7bb3d1be83a45806ccf8b715dda7a2465a1fc7d
Instruction Fuzzy Hash: ABF1873561C351DFC704DF68E880A2AFBE5EB8A305F09896DE4D987261D736E910CF92

Function 00928C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd596602ea40688ae1d1d3e0c7b445721177fed148927f87ec9bb63f8af85551
Instruction ID: d6b5a85d760fa2674f3d624faa8f95f868daff96a61f04de6cd0aa6ea943c668
Opcode Fuzzy Hash: fd596602ea40688ae1d1d3e0c7b445721177fed148927f87ec9bb63f8af85551
Instruction Fuzzy Hash: 54E19B3161C251CFC704DF28E88062AFBE6EB8A315F0A896CE5D997351D736E914CF92

Function 008EA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: da13f67fecbf737709713a4519360d930361adfff847e0f8d65d3247d53bd0fa
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 7FF19C756083858FC728CF2AC88166ABBE6FFD9300F08882DE4D5C7751E639E945CB52

Function 00928E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c7e04200175a2800ad44ee47368deccacb06c1f8c618d7265c7baa409627af8
Instruction ID: a200592d3fc594da47560f6c7833d3894c3537112d55cc6dae9120beddda09ec
Opcode Fuzzy Hash: 7c7e04200175a2800ad44ee47368deccacb06c1f8c618d7265c7baa409627af8
Instruction Fuzzy Hash: 7ED19B3461C291DFD704EF28E980A2EFBE5EB8A305F09896DE4D587251D736E810DF92

Function 008F4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66ddade25936d452b88d91ca35cd92ff77c60048d24336827c8e9babd6df9e41
Instruction ID: 9437448edffa5c5c5124df62fcf971c16508c4c518f1fdc7af57734f4f77c508
Opcode Fuzzy Hash: 66ddade25936d452b88d91ca35cd92ff77c60048d24336827c8e9babd6df9e41
Instruction Fuzzy Hash: 6AE110B5511B008FD321DF28D9A2BA7BBE1FF06704F04886DE5AAC7762E735B8148B54

Function 00926CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3113edd2116d0eaa1c8c610e0b7a282cbc506bf549676fe76a6b75e28cb363
Instruction ID: 4b9a839c20090c2d90388298bd8247fdb6651351ee0877770430908f0327cedb
Opcode Fuzzy Hash: cf3113edd2116d0eaa1c8c610e0b7a282cbc506bf549676fe76a6b75e28cb363
Instruction Fuzzy Hash: BCD1BE3662C395CFC714CF28E88052AB7E2BB89314F098A6CE895C73A1D334DA45DF91

Function 00927AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0d6b809cfc060659ccd61a4bbd45de16988e7ee79adb84fb3d649fd017fbdd
Instruction ID: 8a03083194c9591a2899ade6af5e42957b78f954aae245bcbd5440eb083a1d7d
Opcode Fuzzy Hash: 6b0d6b809cfc060659ccd61a4bbd45de16988e7ee79adb84fb3d649fd017fbdd
Instruction Fuzzy Hash: 05B1F472A0C3605BE314DEA8EC41B6BF7E9AFC5314F04492CF999A7395E635DC048792

Function 008EAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: b9e409e2176953524539d726791bdc65d579bd2476350d371ff2c726755accb4
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 20C16CB2A087818FC360CF69DC967ABB7E1FF85318F08492DD1D9C6242E778A155CB46

Function 008F6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88035c988ad0d90deccb3cac1330ddd932e66d373bb958ccbabb9469dad931a7
Instruction ID: 8abe304da1d22fda311f8351762625e6966156d5df41f6b22b92d79955479d9f
Opcode Fuzzy Hash: 88035c988ad0d90deccb3cac1330ddd932e66d373bb958ccbabb9469dad931a7
Instruction Fuzzy Hash: 5CB101B4600B448BD3218F28C981B27BBF1FF4A704F14895CE8AA8BB52E735F815CB55

Function 00927710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 944f7235a19bf1f16ed550b14626c1ee4cd794bce2b789b6f69465bea3622851
Instruction ID: 31708850bbbb41b59e20e9a3934d601628d1c9b49af178b049d5f2335bcfb08c
Opcode Fuzzy Hash: 944f7235a19bf1f16ed550b14626c1ee4cd794bce2b789b6f69465bea3622851
Instruction Fuzzy Hash: 4691AE7560C321ABE720DB94E881B6FF7E9EB89350F54881CF985A7355E730E940CB92

Function 0092A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aee2406ebfd6c43e5211dc0b2958435e5934766059cd4a8a8f30ae97f083fa5a
Instruction ID: 4def4f874ce7dc243b36ed99f465d1546bb807c111e4406a8b72774ada2c80dd
Opcode Fuzzy Hash: aee2406ebfd6c43e5211dc0b2958435e5934766059cd4a8a8f30ae97f083fa5a
Instruction Fuzzy Hash: 6B818E352097118FD724DF28E880A2AB7F9FF89750F55892CE586CB256E731EC11CB92

Function 009164F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f439d42bd844570f83288b87487ed2f6040b02cfba617c602e3f2bf0a4bda8a
Instruction ID: a12b0835c4af1caa4e47fbd16c26b948c26a2de0e135a320aad4ffccc57ae88e
Opcode Fuzzy Hash: 3f439d42bd844570f83288b87487ed2f6040b02cfba617c602e3f2bf0a4bda8a
Instruction Fuzzy Hash: 6E71F633F29A944BC3248D7C4C823E5AA834BD6334B3EC779A9B4CB3E5D56948465381

Function 009028E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96da6454b983a27ea96287e5285f9181decdd98dced091e7ef3abd67c42cd654
Instruction ID: 1bf7c4d995854d977c0b6d9e1c9731d4f6232f1ccc03d4971ffc7588914435d9
Opcode Fuzzy Hash: 96da6454b983a27ea96287e5285f9181decdd98dced091e7ef3abd67c42cd654
Instruction Fuzzy Hash: 7A6186B44183908FD310AF19D855A2BBBF4FFA2754F18891CE8C58B2A1E339D910CB67

Function 00907C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2e27e1494a3e442d9c95d98d81c367d96710980c27ca58359c418eb62719bc
Instruction ID: 83fe3d17919a798bf5c3ec08e1a2daaaac126c01c3bde4f516c958651554905d
Opcode Fuzzy Hash: 6f2e27e1494a3e442d9c95d98d81c367d96710980c27ca58359c418eb62719bc
Instruction Fuzzy Hash: 1051B0B1A08214AFDB209BA4CC86B77B3A8EF85368F144958F985CB3D1F375E805C761

Function 00911860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 80d37e3939cbacf5c95c5b3c219a95c493ed0db225d17a92f25e741a86d4d2f0
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 1361E03170930ABBD714CE28D5803AEBBEAAFC5350F64C86DE6998B351D274DCC19B42

Function 009182D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3fcfc3dbf6f59bd71ef8402d66b4dae1a53507971af8f2bb7af29022a07ff4e
Instruction ID: cb026035a0bb9366bd3a8da65af4a303562ffc90844b6294fa100aeac3f0340a
Opcode Fuzzy Hash: c3fcfc3dbf6f59bd71ef8402d66b4dae1a53507971af8f2bb7af29022a07ff4e
Instruction Fuzzy Hash: 1A612623B5E9958BD324453C5C553EB6A835BD6330F3EC7A6A8B28B3F4CD6D48826341

Function 008F42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8401dd17ddc04ad7372726ad49762a4a539337fcdf40e8f3826d36f2af9d15
Instruction ID: b7b3a07a2ea93c9c635aad528175165c8908b03dde420efd496c7d34e9359f10
Opcode Fuzzy Hash: 9d8401dd17ddc04ad7372726ad49762a4a539337fcdf40e8f3826d36f2af9d15
Instruction Fuzzy Hash: 7281EDB4810B40AFD360AF39D907757BEF4FB06201F404A2DE9EA96694E7306459CBE3

Function 00A79812 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df008311b82ff24cd066c8d0e8392f4a24113d7801ce00d7107a894b630c9a92
Instruction ID: f6d5e2015b6b7799266f00cc794d9a7afb288d6c0371fb0cfab516d8a9c05145
Opcode Fuzzy Hash: df008311b82ff24cd066c8d0e8392f4a24113d7801ce00d7107a894b630c9a92
Instruction Fuzzy Hash: 285123F3A097008FF344AE6ADC847BABBDAEBD4320F16853DD7C487784E53959058686

Function 00A9F9CC Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf919eee84455e3cf0a86c9af8969c0a72d8a0062b790cfe1d0549629c1f89c
Instruction ID: 907153234f0ebeb807ad862641ad3fa35456c9eb1fe85a82d78ff364cd1e8572
Opcode Fuzzy Hash: fcf919eee84455e3cf0a86c9af8969c0a72d8a0062b790cfe1d0549629c1f89c
Instruction Fuzzy Hash: BF61DFB3F502204BF3544D38CC583A17692DB95320F2F83798E49AB7C6D8BE5D4A8384

Function 0091E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 07df709a60472c93b27135503b1bebaaa41d92772b75e7b66b8a8bed65594823
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: BE515CB16087548FE314DF69D49435BBBE1BBC9318F044E2DE4E987350E379DA488B82

Function 00A72CA7 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3013e1f281e3b5257ccb2fd032813a559345b4d879d13f14563f785aaec3bacb
Instruction ID: e881f957aff8c2b10e50683371bfefa1982c99a469783c229602aa852eb534b5
Opcode Fuzzy Hash: 3013e1f281e3b5257ccb2fd032813a559345b4d879d13f14563f785aaec3bacb
Instruction Fuzzy Hash: 9A5126F3D09224ABE3105E29DC0576BFBD5EBD4320F1A8A3DE9C8D3744E63989418692

Function 00927520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb7cd63c93ebb0b91c1ddb218790b26900c2d5a137e5123f89663fb8ce7ea7b
Instruction ID: 0e9f64d4242b6d14065aa0f0ca34e79f4af1a42ea4a88e1d8fe8070f3545f2dc
Opcode Fuzzy Hash: 5bb7cd63c93ebb0b91c1ddb218790b26900c2d5a137e5123f89663fb8ce7ea7b
Instruction Fuzzy Hash: D651093160D2209BC7159E58EC90B2EF7E6FB89354F284A2CE8D567395D731EC10CB92

Function 009BBC7D Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770edf000d5d753f31afa1604d39a1a56b0121b82dfde4d950f07e3bf1536c1e
Instruction ID: 6780e205357354b498974ad9fa99ff31baf4701f3ee5ddb8a6cd0aeb72798b77
Opcode Fuzzy Hash: 770edf000d5d753f31afa1604d39a1a56b0121b82dfde4d950f07e3bf1536c1e
Instruction Fuzzy Hash: 6751AFB3B082049BE3186E2DDC9476AF79ADFD4360F2A413DE9C153384E9752C058682

Function 008E5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2072b10234f1ca91369489856e2646ea7c5f41147345ec4106ebacb4023f619c
Instruction ID: 19e0a1d91c4a33584ff92300307a35ff87044f81d804f94ef03b3ae905aec6e4
Opcode Fuzzy Hash: 2072b10234f1ca91369489856e2646ea7c5f41147345ec4106ebacb4023f619c
Instruction Fuzzy Hash: 1151C1B5E047549FC714DF19C89092AB7A1FF86328F1546ACE899CB352D731EC42CB92

Function 00A471D0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e51f5f45498d858465175140675e65bfa65c03e658a6270f59c713bd8596fb
Instruction ID: 9583455349be034016c47c44474bd81777e987877a275240144890781a91d217
Opcode Fuzzy Hash: 31e51f5f45498d858465175140675e65bfa65c03e658a6270f59c713bd8596fb
Instruction Fuzzy Hash: 5D417AF360D20C6FE308A92DEC41776B7DADBE4320F2A863DE684C3784F93569158256

Function 0090EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c849f370149030daa29466b87f17bd62fbad701b42e6c7a8c7a929a8dc9744bc
Instruction ID: 5b07d1e51711f4db81efb0b5331855d5c4780647c543021ab3bb8b2296dd7ec3
Opcode Fuzzy Hash: c849f370149030daa29466b87f17bd62fbad701b42e6c7a8c7a929a8dc9744bc
Instruction Fuzzy Hash: FD419D78900329DFDF208F54DC91BA9B7B0FF0A300F144548E985AB2E1EB39A951DB91

Function 00929B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17a1b8410a6b64a7c71cfdd066af61f6d909d31401f14c0991eb5d1bb725f0a
Instruction ID: a23a55c5156306291fa67f529daea2364e5ecc0239a7efb3024746d55b71ef75
Opcode Fuzzy Hash: f17a1b8410a6b64a7c71cfdd066af61f6d909d31401f14c0991eb5d1bb725f0a
Instruction Fuzzy Hash: A741AC74208310ABD710DF14E990B2AF7EAEB89714F55882CF5CA9B255D335E801DBA2

Function 00A420C6 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b859dcb93bea00fad8bca2125b5aa3709bf71e89a23125b7527bc1966946992
Instruction ID: 3a1c08b5cb32d657a4796e4b7d3ccc6220e47ac3f4b2d8886c4d57386e42398c
Opcode Fuzzy Hash: 4b859dcb93bea00fad8bca2125b5aa3709bf71e89a23125b7527bc1966946992
Instruction Fuzzy Hash: 49415AF7E497144BF3049929DCC47BAB686DBD4724F2B823D9A8993B84EC7948058185

Function 009D56C9 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eec5ac025fbcc52b00331ecae95b99ce5b592915f279f1003881a3282ba6036
Instruction ID: 6662a1ecd6599de57a75466744c9804bcd9c4978081655a69f0b89c3011fb5d3
Opcode Fuzzy Hash: 5eec5ac025fbcc52b00331ecae95b99ce5b592915f279f1003881a3282ba6036
Instruction Fuzzy Hash: C2410CF3A086009FE308AF28DD8577AB7E6EB94320F2A463DDAC5833C4E53D54458693

Function 008F2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52116b4301832c68aada3637c1c1b00bae835de4d5a4fd4da9c3e92d379f365e
Instruction ID: 3bc180c0e4392c8c295ed6334bb2ce994c4a88761b8e70fd9aa3ab1aaef5a1b8
Opcode Fuzzy Hash: 52116b4301832c68aada3637c1c1b00bae835de4d5a4fd4da9c3e92d379f365e
Instruction Fuzzy Hash: EA41D572A087694FD35CCE3984A023ABBE2ABC5300F09866EE5D687390DA748945DB81

Function 008F1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a209afde36b35e43c23b7f5c1997fd577c576fe72d020cfc7108dc2d61355f
Instruction ID: ecd57712a4b9110b8d10a76b2b00b436b48dbef67f48494426b8a4ed00bf47b7
Opcode Fuzzy Hash: f6a209afde36b35e43c23b7f5c1997fd577c576fe72d020cfc7108dc2d61355f
Instruction Fuzzy Hash: BE41EE7450C3849BD720AB68C888B2EFBF5FB8A354F14491CF6C497292C376E8148B66

Function 00928D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a1f85f728665dcfb53b76341e8cc96314dfdad7afcaf2ebb7b2270f60eff6c5
Instruction ID: 094f3e14caa4bfa89561c8072279c8b81c52da44b12977cd1b8439790fc85d17
Opcode Fuzzy Hash: 5a1f85f728665dcfb53b76341e8cc96314dfdad7afcaf2ebb7b2270f60eff6c5
Instruction Fuzzy Hash: E741D23260D2618FC304EF68D49062FFBEAAF99310F098A1DD4D5D7291CB74DD058B82

Function 008FD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda8dc59b8bec120712b79c5e0de4ce947e704e5d218d0e668766cf0866dc657
Instruction ID: 6724dde61e6d827138fa43e6a448751a9f3a93b4efb626aab508c0bb76d73fd7
Opcode Fuzzy Hash: bda8dc59b8bec120712b79c5e0de4ce947e704e5d218d0e668766cf0866dc657
Instruction Fuzzy Hash: F241CEB16083958BD3309F24C845BBFB7B1FF96360F040958E68A8B761E7748941DB57

Function 0091F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: b9b7d17ab7006f18805445e246fbeb716ce8c8c0e2dbc1810067525d45e32b6d
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 3D210732A082285BC324DB59C89167BF7E8EB9E704F06863ED9C4A7295E3359C5487E1

Function 009267EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45004af4949e7fbf8accf4e68a23be10f7b9ebffae69fee022b56d9a32831c0f
Instruction ID: 7410985443caa23733aaf1a4e26161c80c9ba5bf2129ed54c34f22d9a803b4cd
Opcode Fuzzy Hash: 45004af4949e7fbf8accf4e68a23be10f7b9ebffae69fee022b56d9a32831c0f
Instruction Fuzzy Hash: 5A31327051C3929AE714CF14D490A2FBBF0AF96388F50990CF4C8AB265D738D985CB9A

Function 00905E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e811e2afbf819381876faabd54fb5006624ca67e5b99f05f2e22be059664eba
Instruction ID: 6547f0bb5340989434ad2380ea79efef8c42551160639a65797796169f60a7c8
Opcode Fuzzy Hash: 1e811e2afbf819381876faabd54fb5006624ca67e5b99f05f2e22be059664eba
Instruction Fuzzy Hash: E021A1B15082119FC310AF18C855A2BB7F8EF92764F458918F4D99B291E338C900DBA3

Function 008E49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 29d4cb21671f351ba93df5dc8fada8b8c88ab0da0cbd55fb317249dd05e65c58
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: D131EA316482909BD7109F1AD88093BB7E1FFC6368F18993CE89EDB252D231DC52CB46

Function 00B72EDB Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d0d2d3cd0c8115d068453ea28ef9d09a328d8f49bba6aaff64b2de85427d011
Instruction ID: 20a41d70e414628e2412b32a2121f25bf86d08a22b02d937ca0f82125704963a
Opcode Fuzzy Hash: 3d0d2d3cd0c8115d068453ea28ef9d09a328d8f49bba6aaff64b2de85427d011
Instruction Fuzzy Hash: 072197B351C6049FE305AE28DC41BBEB7E5EF98324F05492DE6D5D2654D73498008693

Function 009264B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94da1e6833fcc563387c457583c7489d98452fdc830aa2869f9c6d92b8449db
Instruction ID: 2acf2bb1b5f9ea8c706066658ae4da24c70da5e681f5dc7a2ea619b5089d0134
Opcode Fuzzy Hash: b94da1e6833fcc563387c457583c7489d98452fdc830aa2869f9c6d92b8449db
Instruction Fuzzy Hash: BA21757461C251DBC704EF19E880A2EFBE6FB89741F28881CE8C593765C334A850DF62

Function 00925700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82c00de2d079f5f53840fdf802f3b165317273f2d052636dcfb0db11aff08166
Instruction ID: 5697b19705281c6fd6f7825c3e418842fff8a91dc9358562b726b7a98f059696
Opcode Fuzzy Hash: 82c00de2d079f5f53840fdf802f3b165317273f2d052636dcfb0db11aff08166
Instruction Fuzzy Hash: B411A07195C250EBC301AF28F841A1BBBF9AF96710F058828E4C49B225D339D910CB93

Function 0091B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 44510614ee76daf851889e26d085a376ade097d35fcd48ea6efca4020d031d97
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 4D11E533B051DD0EC3168D3C84405A5BFA31AB7274B598399F4F89B2D2D7228DCA8364

Function 00910B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 0f6ff8400f6b49f739128ad7adf469b1e49b8ef14ca24296bb5997759e6b0ddd
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: DF01B1F5B4430647EB209E1594D1B7BB2ACAFC1718F08453CE81687202DBB7EC85C692

Function 0090D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37690285a5933911672299ea7dd1542973168e14f59cdbbfd1676a00dadad17
Instruction ID: f9bb5bfabef88cf0e12263edaad74caec49e8fc4170d1114480c52ba520a5750
Opcode Fuzzy Hash: f37690285a5933911672299ea7dd1542973168e14f59cdbbfd1676a00dadad17
Instruction Fuzzy Hash: FE11ECB0418380AFD3109FA58484A2FFBE5EBA6B54F148C0DF6A49B251C379E859CF56

Function 008E6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25f38a0cb9f3f0df34c5482e4005710c9bef2afb14fb03aefaaaab49f7646f3
Instruction ID: 8add89985e43e66daae941503648270e930a763cfcc0efcf58d1c43fa47f259d
Opcode Fuzzy Hash: f25f38a0cb9f3f0df34c5482e4005710c9bef2afb14fb03aefaaaab49f7646f3
Instruction Fuzzy Hash: 7FF0503E71824A0BA210CDABE884837F3D6E7E73A4B141538EE40D3201DD71E80252D0

Function 0091B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 008FC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 008FB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 2c78bd78880ed3db384e4b6cddbda9c3d4efccbde483c000aeb84df7233f47de
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 43F0ECB160451857DF229A65DCC0F37BB9CDB97354F190436E945D7103D2615845C3EA

Function 00918220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e3e022106ade83692f68d8cae5fd9632194bf7518a99c9ff2793a6c90f6309
Instruction ID: 71b62d92bc078f4eb82e668abaf79effe1ab2686b188c01ae67265f26141aacc
Opcode Fuzzy Hash: 70e3e022106ade83692f68d8cae5fd9632194bf7518a99c9ff2793a6c90f6309
Instruction Fuzzy Hash: 5201E4F04147009FC360EF29C44574BBBE8EB48754F104A1DE8EECB680D774A5448B82

Function 00921440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 6c01adb09a6c84cea867d19359535620569f935fe0f6f609418386a3b39da6be
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 14D05E21608371469B649E19A400977F7E4EA97B11B89955EF58AE319CD230EC41C2A9

Function 008F1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02651de4f33f813718ee29a1614592f438ef36e026b15b2b22c7e6f7dbbd274d
Instruction ID: e10b7da1c397d748f39b6cef1d90b1953dddfc4930cac3aba4b857a36a60a8af
Opcode Fuzzy Hash: 02651de4f33f813718ee29a1614592f438ef36e026b15b2b22c7e6f7dbbd274d
Instruction Fuzzy Hash: 9CC01234A3C0048B8204AF10A8AD432A2B8A306308750603ADA02E3231CAA0D40AAA09

Function 00926094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c6e61c077a7e3f1362ddd6b32629bc649cadd64579528327633e6e35c816366
Instruction ID: 06ce4df64534c3198f164d18238be551409b506d73b3b451cd1f7908565d6eb4
Opcode Fuzzy Hash: 6c6e61c077a7e3f1362ddd6b32629bc649cadd64579528327633e6e35c816366
Instruction Fuzzy Hash: 4DC09B346BD00087D10CCF04E951576F3769B97B14724F01DC80623255C134D512AD1C

Function 008F1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1ba57f73d4e74dadd79dec0968e65245468a342ed62298956939790787779e
Instruction ID: a9329c7ee5f9614952c362e9e77a60bd9393f80120fea12badf00317e539801f
Opcode Fuzzy Hash: 3d1ba57f73d4e74dadd79dec0968e65245468a342ed62298956939790787779e
Instruction Fuzzy Hash: 1EC09B34A7D044CBC654DF95E9F9431A3FC930730C750303A9703F7271C5A0D40A9609

Function 00925FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1731187958.00000000008E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1731166955.00000000008E0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731249794.0000000000940000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731274171.000000000094A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731288930.000000000094B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731303699.000000000094C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731422637.0000000000AB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731445619.0000000000AB5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731466426.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731482221.0000000000AC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000ACA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731515094.0000000000AD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731578196.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731599475.0000000000AD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731625163.0000000000ADD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731647178.0000000000ADE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731670410.0000000000AEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731686623.0000000000AEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731710599.0000000000B10000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731730994.0000000000B1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731756023.0000000000B34000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731773218.0000000000B37000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731790701.0000000000B44000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731810036.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731830575.0000000000B4B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731848397.0000000000B4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731864936.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731880374.0000000000B57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731901425.0000000000B64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731920552.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731936718.0000000000B69000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731951996.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731967128.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1731988786.0000000000B75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732007789.0000000000B82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732025037.0000000000BB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732078203.0000000000BDC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732097930.0000000000BDD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732112650.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732144199.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1732158365.0000000000BF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5685501e501d093073b6b71888f7c69f91ec298637880635e81a5a1f382e912c
Instruction ID: 180de01e6a3be74a4f1a58cae995a8e72248d33f94ad977301499544c0d55485
Opcode Fuzzy Hash: 5685501e501d093073b6b71888f7c69f91ec298637880635e81a5a1f382e912c
Instruction Fuzzy Hash: 1DC09224BBC0008BA24CCF18DD51936F2BA9B8BA18B14F02DC806A3256D134D5129A0C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 009250FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 008EFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 008ED110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00925BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 0092695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 008F049B Relevance: .3, Instructions: 264
COMMON

Function 008F0228 Relevance: .2, Instructions: 218
COMMON

Function 00923220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00923202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON