Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541815
MD5:	7278d758e8e7786b1d7727a46f4f3c65
SHA1:	af155f32ac5d05e6497c7fe89a452b267e2bb802
SHA256:	0d26d22740d109895c220988629336fb84b671ada3fd4a15585fb6769484cc16
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 2304 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7278D758E8E7786B1D7727A46F4F3C65)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "spirittunek.store", "mobbipenju.store", "licendfilteo.site", "dissapoiznw.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.361766+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	64816	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.100024+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	51364	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.327422+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	60052	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.291178+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	54677	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.386104+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	50682	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.269378+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	59187	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.375344+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	53753	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:11.342181+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	59993	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T07:28:12.961519+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49710	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.2304.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "spirittunek.store", "mobbipenju.store", "licendfilteo.site", "dissapoiznw.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: eaglepawnoy.store	Virustotal: Detection: 20%	Perma Link
Source: spirittunek.store	Virustotal: Detection: 21%	Perma Link
Source: licendfilteo.site	Virustotal: Detection: 18%	Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00DCD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00DCD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00E063B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00E099D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00E0695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00DCFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00E06094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00E04040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00DC1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00DFF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00DD6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00DED1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00DD42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00DE2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00DE2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00DCA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00E064B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00DDD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00E01440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00DEC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00DDB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00DEE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00DC8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00E07520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00DE9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00DD6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00DFB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00DEE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00E067EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00DED7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00E05700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00E07710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00DE28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00DC49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00DDD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00E03920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00DD1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00DC5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00E04A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00DD1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00DD1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00DD3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00DF0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00E09B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00DDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00DDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00E09CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00E09CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00DECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00DECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00DECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00DEAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00DEAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00DEEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00DE7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00DFFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00E08D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00DEFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00DEDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00DD0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00DD1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00DD6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00DCBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00DC6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00DEAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00DE5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00DE7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00DD4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00DDFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00DC8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00E07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00E07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00E05FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00DD6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00DFFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00DE9F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:50682 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:60052 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:51364 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:64816 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:53753 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:59187 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:59993 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:54677 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49710 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: studennotediw.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=a5b557e53b861fdaf256d188; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 05:28:12 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2210049312.00000000017C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rity-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api&
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api.
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store:443/apiM
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2210049312.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/I
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.2209841363.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211405589.0000000001767000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2209841363.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211405589.0000000001767000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900D
Source: file.exe, 00000000.00000002.2211405589.0000000001770000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209841363.0000000001770000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900xi
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2210049312.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
Source: file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/apitk
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2209841363.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD0228	0_2_00DD0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E0A0D0	0_2_00E0A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E04040	0_2_00E04040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042	0_2_00F99042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC1000	0_2_00DC1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD2030	0_2_00DD2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC71F0	0_2_00DC71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCE1A0	0_2_00DCE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC5160	0_2_00DC5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF82D0	0_2_00DF82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF12D0	0_2_00DF12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC12F7	0_2_00DC12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF23E0	0_2_00DF23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCB3A0	0_2_00DCB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC13A3	0_2_00DC13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCA300	0_2_00DCA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF64F0	0_2_00DF64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD049B	0_2_00DD049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD4487	0_2_00DD4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F97464	0_2_00F97464
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEC470	0_2_00DEC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8D437	0_2_00F8D437
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDC5F0	0_2_00DDC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC8590	0_2_00DC8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC35B0	0_2_00DC35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E086F0	0_2_00E086F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46699	0_2_00E46699
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC164F	0_2_00DC164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08652	0_2_00E08652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFF620	0_2_00DFF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB8C0	0_2_00DFB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFE8A0	0_2_00DFE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCA850	0_2_00DCA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF1860	0_2_00DF1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9A9E0	0_2_00F9A9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F959DE	0_2_00F959DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E089A0	0_2_00E089A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE098B	0_2_00DE098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0498F	0_2_00F0498F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8B960	0_2_00F8B960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E07AB0	0_2_00E07AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08A80	0_2_00E08A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E04A40	0_2_00E04A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F90A30	0_2_00F90A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC7BF0	0_2_00DC7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8BBC5	0_2_00E8BBC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDDB6F	0_2_00DDDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DECCD0	0_2_00DECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E06CBF	0_2_00E06CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08C02	0_2_00E08C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4BDF5	0_2_00F4BDF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102CC2B	0_2_0102CC2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE8D62	0_2_00DE8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEFD10	0_2_00DEFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEDD29	0_2_00DEDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD6EBF	0_2_00DD6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F93E9E	0_2_00F93E9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCBEB0	0_2_00DCBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEAE57	0_2_00DEAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E08E70	0_2_00E08E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD4E2A	0_2_00DD4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC8FD0	0_2_00DC8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E07FC0	0_2_00E07FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8EF94	0_2_00F8EF94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCAF10	0_2_00DCAF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00DCCAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00DDD300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.999445647689769

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00DF8220 CoCreateInstance,

0_2_00DF8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2949120 > 1048576

Source: file.exe

Static PE information: Raw size of aezggxfm is bigger than: 0x100000 < 0x2a6a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.dc0000.0.unpack :EW;.rsrc :W;.idata :W;aezggxfm:EW;vaaawynn:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;aezggxfm:EW;vaaawynn:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2dab0b should be: 0x2d1760

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: aezggxfm
Source: file.exe	Static PE information: section name: vaaawynn
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDD0EF push 0FB3C4CCh; mov dword ptr [esp], ecx	0_2_00EDD13C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDD0EF push 4D8A6247h; mov dword ptr [esp], ebp	0_2_00EDD1AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDD0EF push 216B7B12h; mov dword ptr [esp], ebp	0_2_00EDD1C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDD0EF push 3334C9C4h; mov dword ptr [esp], edx	0_2_00EDD1E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0106A103 push 5EB5FC33h; mov dword ptr [esp], ebp	0_2_0106A10B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0106A103 push 415711F7h; mov dword ptr [esp], esp	0_2_0106A12E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01059121 push ecx; mov dword ptr [esp], 759EA0C3h	0_2_01059135
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FC2061 push esi; mov dword ptr [esp], 3DD47149h	0_2_00FC209F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105A1AE push 0AC416E7h; mov dword ptr [esp], ecx	0_2_0105A20F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ecx; mov dword ptr [esp], eax	0_2_00F99060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ecx; mov dword ptr [esp], 00000004h	0_2_00F99064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push edx; mov dword ptr [esp], 6FA2A31Dh	0_2_00F990CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 14E2A2F8h; mov dword ptr [esp], ebx	0_2_00F99118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push eax; mov dword ptr [esp], 568369D5h	0_2_00F9915C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 6039855Bh; mov dword ptr [esp], eax	0_2_00F99176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ecx; mov dword ptr [esp], esi	0_2_00F991A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ebp; mov dword ptr [esp], eax	0_2_00F991F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push eax; mov dword ptr [esp], edi	0_2_00F9920B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 73DA89F4h; mov dword ptr [esp], ebx	0_2_00F99216
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 70BD7810h; mov dword ptr [esp], eax	0_2_00F9926B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 5BDCA63Ch; mov dword ptr [esp], eax	0_2_00F9927B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 33A89EA9h; mov dword ptr [esp], edx	0_2_00F99290
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ebp; mov dword ptr [esp], edi	0_2_00F99379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ebp; mov dword ptr [esp], 4BABE027h	0_2_00F993CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ecx; mov dword ptr [esp], esi	0_2_00F993E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push edi; mov dword ptr [esp], 7FF7A359h	0_2_00F99408
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push edx; mov dword ptr [esp], 62F57E0Ah	0_2_00F9945D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push esi; mov dword ptr [esp], edx	0_2_00F994C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ebx; mov dword ptr [esp], ecx	0_2_00F99576
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push 01F81E16h; mov dword ptr [esp], esi	0_2_00F995AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F99042 push ecx; mov dword ptr [esp], eax	0_2_00F995E4

Source: file.exe

Static PE information: section name: entropy: 7.981699251489914

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E24136 second address: E23A08 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3CD902E8DDh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 mov dword ptr [ebp+122D1F27h], ecx 0x00000016 jmp 00007F3CD902E8E2h 0x0000001b popad 0x0000001c push dword ptr [ebp+122D12EDh] 0x00000022 mov dword ptr [ebp+122D2A25h], esi 0x00000028 call dword ptr [ebp+122D2401h] 0x0000002e pushad 0x0000002f xor dword ptr [ebp+122D20CAh], eax 0x00000035 xor eax, eax 0x00000037 mov dword ptr [ebp+122D20CAh], ecx 0x0000003d jmp 00007F3CD902E8E3h 0x00000042 mov edx, dword ptr [esp+28h] 0x00000046 pushad 0x00000047 cld 0x00000048 jnp 00007F3CD902E8DCh 0x0000004e mov dword ptr [ebp+122D1E7Dh], edi 0x00000054 popad 0x00000055 mov dword ptr [ebp+122D2D97h], eax 0x0000005b jmp 00007F3CD902E8E2h 0x00000060 mov esi, 0000003Ch 0x00000065 mov dword ptr [ebp+122D2A1Fh], esi 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f stc 0x00000070 lodsw 0x00000072 jmp 00007F3CD902E8DBh 0x00000077 add eax, dword ptr [esp+24h] 0x0000007b jo 00007F3CD902E8E8h 0x00000081 jmp 00007F3CD902E8E2h 0x00000086 stc 0x00000087 mov ebx, dword ptr [esp+24h] 0x0000008b mov dword ptr [ebp+122D1E7Dh], edx 0x00000091 cld 0x00000092 nop 0x00000093 pushad 0x00000094 push eax 0x00000095 jmp 00007F3CD902E8E5h 0x0000009a pop eax 0x0000009b jp 00007F3CD902E8DCh 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA05D6 second address: FA05DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F939DF second address: F939E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA25B7 second address: FA25C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA264F second address: FA265C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA265C second address: FA2661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2749 second address: FA274D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA274D second address: FA277D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push edx 0x0000000c je 00007F3CD8D9BEA8h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F3CD8D9BEB6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA277D second address: FA27BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3CD902E8E0h 0x0000000c jmp 00007F3CD902E8E2h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jc 00007F3CD902E8DCh 0x0000001f jp 00007F3CD902E8D6h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA282C second address: FA2836 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2836 second address: FA2840 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3CD902E8DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2840 second address: FA2877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007F3CD8D9BEB2h 0x0000000d jnc 00007F3CD8D9BEACh 0x00000013 nop 0x00000014 push 00000000h 0x00000016 mov ch, bh 0x00000018 mov dword ptr [ebp+122D38F4h], ecx 0x0000001e push 5C7F6C81h 0x00000023 jnp 00007F3CD8D9BEB4h 0x00000029 push eax 0x0000002a push edx 0x0000002b jc 00007F3CD8D9BEA6h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2973 second address: FA297D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90524 second address: F90541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90541 second address: F90576 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DAh 0x00000007 jmp 00007F3CD902E8E4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 jmp 00007F3CD902E8DAh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0CCA second address: FC0CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0CD7 second address: FC0CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0E78 second address: FC0E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0E7C second address: FC0E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0E82 second address: FC0EA3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3CD8D9BEB0h 0x00000008 jmp 00007F3CD8D9BEAAh 0x0000000d js 00007F3CD8D9BEA8h 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0EA3 second address: FC0EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0FE6 second address: FC0FEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0FEA second address: FC1013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F3CD902E8DCh 0x00000011 jnl 00007F3CD902E8E2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1013 second address: FC1030 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB8h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1297 second address: FC12A7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3CD902E8D6h 0x00000008 jns 00007F3CD902E8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC12A7 second address: FC12B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F3CD8D9BEABh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC16B7 second address: FC16BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1C7E second address: FC1C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1C87 second address: FC1C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1C97 second address: FC1CA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEAAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1CA5 second address: FC1CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1CB5 second address: FC1CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC1E2E second address: FC1E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC27E8 second address: FC27F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC27F1 second address: FC27F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC27F5 second address: FC27FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC295B second address: FC2981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3CD902E8E6h 0x0000000a ja 00007F3CD902E8F2h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC2C8F second address: FC2CB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F3CD8D9BEA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jmp 00007F3CD8D9BEB6h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC2CB3 second address: FC2CCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F3CD902E8D6h 0x00000009 jg 00007F3CD902E8D6h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98ADC second address: F98AE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98AE6 second address: F98AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98AEA second address: F98AF0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98AF0 second address: F98AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98AF7 second address: F98AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98AFD second address: F98B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98B0A second address: F98B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9971 second address: FC9991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E8h 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9991 second address: FC99A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F3CD8D9BEA8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC8A7B second address: FC8A88 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9BE8 second address: FC9C01 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f je 00007F3CD8D9BEB4h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9C01 second address: FC9C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9C05 second address: FC9C13 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9C13 second address: FC9C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9C17 second address: FC9C1D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9C1D second address: FC9C2E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE33E second address: FCE342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE342 second address: FCE397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F3CD902E8E7h 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 jg 00007F3CD902E8D6h 0x00000016 jmp 00007F3CD902E8E8h 0x0000001b popad 0x0000001c pushad 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f jo 00007F3CD902E8D6h 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a jnc 00007F3CD902E8D6h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD830 second address: FCD84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD8D9BEB5h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD84E second address: FCD86C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jp 00007F3CD902E8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3CD902E8DDh 0x00000011 popad 0x00000012 pushad 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDB28 second address: FCDB39 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3CD8D9BEA6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDB39 second address: FCDB75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3CD902E8D6h 0x0000000a jmp 00007F3CD902E8E9h 0x0000000f popad 0x00000010 jmp 00007F3CD902E8E4h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDB75 second address: FCDB79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDCAD second address: FCDCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007F3CD902E8D6h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE1B5 second address: FCE1CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEBEA second address: FCEC0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c jl 00007F3CD902E8D8h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEC0B second address: FCEC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEEE6 second address: FCEF03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD902E8E9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF093 second address: FCF097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF097 second address: FCF0A9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F3CD902E8D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF0A9 second address: FCF0B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF187 second address: FCF1AF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F3CD902E8EBh 0x00000013 jmp 00007F3CD902E8E5h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF250 second address: FCF262 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F3CD8D9BEA6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF262 second address: FCF285 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF6A7 second address: FCF6B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF6B0 second address: FCF6B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF7DA second address: FCF7EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F3CD8D9BEACh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCFC7F second address: FCFC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCFD44 second address: FCFD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCFD50 second address: FCFD54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD0296 second address: FD02EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F3CD8D9BEA8h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F3CD8D9BEA8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push edi 0x0000002a or esi, 12659E38h 0x00000030 pop edi 0x00000031 push 00000000h 0x00000033 mov dword ptr [ebp+1244CC10h], ebx 0x00000039 push 00000000h 0x0000003b mov esi, dword ptr [ebp+122D1D6Dh] 0x00000041 xchg eax, ebx 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD02EA second address: FD02EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1478 second address: FD1482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2687 second address: FD2714 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3CD902E8DAh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F3CD902E8D8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a jng 00007F3CD902E8D7h 0x00000030 stc 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F3CD902E8D8h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 0000001Ch 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d push 00000000h 0x0000004f jmp 00007F3CD902E8E5h 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 jg 00007F3CD902E8D6h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD317C second address: FD3212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jmp 00007F3CD8D9BEAAh 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F3CD8D9BEB0h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F3CD8D9BEA8h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F3CD8D9BEA8h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 0000001Ch 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+122D2B93h] 0x00000054 mov dword ptr [ebp+1244F49Bh], edi 0x0000005a push 00000000h 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jnp 00007F3CD8D9BEA6h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3212 second address: FD3216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3216 second address: FD321C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD321C second address: FD322D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD902E8DDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD322D second address: FD3231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3BDF second address: FD3BE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD39C0 second address: FD39CF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3BE5 second address: FD3C3E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3CD902E8DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D2B0Fh] 0x00000011 push 00000000h 0x00000013 mov di, 7A00h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F3CD902E8D8h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000014h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 pushad 0x00000034 jmp 00007F3CD902E8DFh 0x00000039 add esi, dword ptr [ebp+122D31DCh] 0x0000003f popad 0x00000040 xchg eax, ebx 0x00000041 push edi 0x00000042 pushad 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD39CF second address: FD39E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD5201 second address: FD5213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jnl 00007F3CD902E8D6h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD5213 second address: FD5218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD5218 second address: FD5285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E2h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov di, dx 0x00000010 push 00000000h 0x00000012 mov edi, edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F3CD902E8D8h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 mov dword ptr [ebp+1246B254h], eax 0x00000036 add dword ptr [ebp+122D29DDh], ecx 0x0000003c xchg eax, ebx 0x0000003d jmp 00007F3CD902E8E5h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 jg 00007F3CD902E8D8h 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD8966 second address: FD8973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jl 00007F3CD8D9BEA8h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD8973 second address: FD89CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3CD902E8E3h 0x00000008 jmp 00007F3CD902E8E9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 jmp 00007F3CD902E8E4h 0x00000018 pop edx 0x00000019 jne 00007F3CD902E8DEh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD89CB second address: FD89D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD89D5 second address: FD89D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDE197 second address: FDE19B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD409 second address: FDD40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDE19B second address: FDE1A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F3CD8D9BEA6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD40E second address: FDD413 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE0195 second address: FE019F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE019F second address: FE01A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE01A3 second address: FE01B0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE01B0 second address: FE01B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE01B7 second address: FE01C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDF41C second address: FDF426 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDF426 second address: FDF42C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2161 second address: FE216E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE216E second address: FE2173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE22BA second address: FE22BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE22BF second address: FE2363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F3CD8D9BEB0h 0x00000010 nop 0x00000011 and ebx, 61F657BDh 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F3CD8D9BEA8h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 mov edi, dword ptr [ebp+122D2733h] 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 mov eax, dword ptr [ebp+122D0871h] 0x0000004b mov edi, ebx 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push edx 0x00000052 call 00007F3CD8D9BEA8h 0x00000057 pop edx 0x00000058 mov dword ptr [esp+04h], edx 0x0000005c add dword ptr [esp+04h], 00000016h 0x00000064 inc edx 0x00000065 push edx 0x00000066 ret 0x00000067 pop edx 0x00000068 ret 0x00000069 mov di, ax 0x0000006c add ebx, dword ptr [ebp+122D2078h] 0x00000072 mov bx, ax 0x00000075 nop 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007F3CD8D9BEB5h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2363 second address: FE2369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2369 second address: FE2387 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEAEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F3CD8D9BEA6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2387 second address: FE2395 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F3CD902E8D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE50C8 second address: FE50D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE50D8 second address: FE5146 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F3CD902E8D6h 0x00000009 jg 00007F3CD902E8D6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 jp 00007F3CD902E8EDh 0x00000019 nop 0x0000001a mov di, FE3Ch 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F3CD902E8D8h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Dh 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D22B3h], eax 0x00000040 push 00000000h 0x00000042 mov di, 85DAh 0x00000046 push eax 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE5146 second address: FE514A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE82EA second address: FE82F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE82F6 second address: FE82FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE82FC second address: FE8301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8301 second address: FE830B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE830B second address: FE8348 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub bl, FFFFFFC0h 0x0000000c push 00000000h 0x0000000e jp 00007F3CD902E8DCh 0x00000014 push 00000000h 0x00000016 and ebx, dword ptr [ebp+122D2A40h] 0x0000001c jmp 00007F3CD902E8E4h 0x00000021 xchg eax, esi 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8348 second address: FE834C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE834C second address: FE8352 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE42C9 second address: FE42D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8352 second address: FE8377 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F3CD902E8DCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE42D2 second address: FE4367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 nop 0x00000007 movsx ebx, dx 0x0000000a mov bx, cx 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F3CD8D9BEA8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov ebx, dword ptr [ebp+122D2B47h] 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007F3CD8D9BEA8h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 00000016h 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 mov edi, dword ptr [ebp+122D2D57h] 0x0000005b sbb bl, 00000039h 0x0000005e mov eax, dword ptr [ebp+122D1055h] 0x00000064 and ebx, 12582FBAh 0x0000006a push FFFFFFFFh 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jns 00007F3CD8D9BEBEh 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8377 second address: FE837E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE920F second address: FE9289 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov dword ptr [esp], eax 0x0000000d mov di, si 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F3CD8D9BEA8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F3CD8D9BEA8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 mov edi, dword ptr [ebp+122D3221h] 0x0000004e mov dword ptr [ebp+1244DB33h], edx 0x00000054 xchg eax, esi 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F3CD8D9BEABh 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8569 second address: FE856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE9289 second address: FE92BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F3CD8D9BEB6h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA284 second address: FEA290 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA290 second address: FEA296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA296 second address: FEA2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F3CD902E8DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA3AC second address: FEA3C4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3CD8D9BEAAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA4B3 second address: FEA4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FECA39 second address: FECA43 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FECA43 second address: FECABD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F3CD902E8D8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D29D1h], ebx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 call 00007F3CD902E8D8h 0x00000036 pop ebx 0x00000037 mov dword ptr [esp+04h], ebx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc ebx 0x00000044 push ebx 0x00000045 ret 0x00000046 pop ebx 0x00000047 ret 0x00000048 push 00000000h 0x0000004a mov ebx, 42BCF8D4h 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F3CD902E8E0h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF426F second address: FF428A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3CD8D9BEA6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 je 00007F3CD8D9BEA6h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF428A second address: FF4290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4290 second address: FF4296 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF79D5 second address: FF79D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF79D9 second address: FF79FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F3CD8D9BEABh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3CD8D9BEAFh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9ED9 second address: FF9EDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9EDF second address: FF9EE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9A51D second address: F9A54E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3CD902E8DDh 0x00000013 jmp 00007F3CD902E8DAh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9A54E second address: F9A571 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F3CD8D9BEB9h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDDD2 second address: FFDDD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDDD9 second address: FFDE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 je 00007F3CD8D9BEAEh 0x0000000f push edx 0x00000010 jo 00007F3CD8D9BEA6h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3CD8D9BEABh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDFA3 second address: FFDFD8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jl 00007F3CD902E8EFh 0x00000010 jmp 00007F3CD902E8E9h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 jp 00007F3CD902E8DCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDFD8 second address: FFDFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F954BA second address: F954BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003B75 second address: 1003BA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F3CD8D9BEB6h 0x0000000b popad 0x0000000c jmp 00007F3CD8D9BEB5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100403A second address: 1004040 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004040 second address: 1004046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10041AF second address: 10041B9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3CD902E8E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10041B9 second address: 10041C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3CD8D9BEA6h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10041C7 second address: 10041D1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3CD902E8D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004451 second address: 1004468 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3CD8D9BEAEh 0x00000008 jnp 00007F3CD8D9BEA6h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004468 second address: 1004473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3CD902E8D6h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A84C second address: 100A852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A852 second address: 100A866 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100932C second address: 1009332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10094C5 second address: 10094CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10094CD second address: 10094D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10094D6 second address: 10094DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10094DA second address: 10094E0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1009645 second address: 100964B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10097CA second address: 10097E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD8D9BEB6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10097E4 second address: 10097E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1009D4F second address: 1009D6E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3CD8D9BEA6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F3CD8D9BEB3h 0x00000012 jmp 00007F3CD8D9BEADh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A6C9 second address: 100A6CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100FE7E second address: 100FE84 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101016B second address: 1010186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E3h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101070B second address: 1010717 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F3CD8D9BEA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1010717 second address: 101071C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101071C second address: 101072B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F3CD8D9BEA6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10139CE second address: 10139EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F3CD902E8E3h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016D16 second address: 1016D3A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3CD8D9BEA8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3CD8D9BEB8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016D3A second address: 1016D51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD640D second address: FD6411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6411 second address: FB5F01 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e popad 0x0000000f nop 0x00000010 or dword ptr [ebp+122D2261h], eax 0x00000016 call dword ptr [ebp+122D2243h] 0x0000001c push ebx 0x0000001d jmp 00007F3CD902E8E1h 0x00000022 push eax 0x00000023 push edx 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 jmp 00007F3CD902E8DEh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6ABF second address: FD6AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD8D9BEB4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6BB7 second address: FD6BBC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6C09 second address: FD6C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6C13 second address: FD6C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD6E8C second address: FD6EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dx, ax 0x0000000e mov edi, 6E9B456Ch 0x00000013 push 00000004h 0x00000015 xor dword ptr [ebp+122D3053h], eax 0x0000001b push eax 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD720F second address: FD7273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3CD902E8E6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F3CD902E8E6h 0x00000013 nop 0x00000014 mov edi, 53731CDAh 0x00000019 jnl 00007F3CD902E8EFh 0x0000001f push 0000001Eh 0x00000021 mov ch, dl 0x00000023 nop 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD7273 second address: FD7277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD7277 second address: FD727B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD727B second address: FD7289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F3CD8D9BEA6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD7289 second address: FD729F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD729F second address: FD72A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD72A4 second address: FD72AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD73BE second address: FD73C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101752A second address: 101755C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jo 00007F3CD902E8DAh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F3CD902E8E9h 0x00000014 js 00007F3CD902E8DEh 0x0000001a push esi 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017804 second address: 1017810 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017810 second address: 101781A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3CD902E8DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017987 second address: 101798B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101798B second address: 101799C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F3CD902E8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101799C second address: 10179A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10179A1 second address: 10179A6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101AF5A second address: 101AF64 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3CD8D9BEA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DD5B second address: 101DD67 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3CD902E8D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DD67 second address: 101DD6C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D606 second address: 101D615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F3CD902E8D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D615 second address: 101D619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D619 second address: 101D61F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D61F second address: 101D62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D62B second address: 101D631 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D631 second address: 101D638 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D7A5 second address: 101D7D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E5h 0x00000009 jc 00007F3CD902E8D6h 0x0000000f popad 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F3CD902E8DEh 0x00000019 jnp 00007F3CD902E8D6h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D946 second address: 101D951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F3CD8D9BEA6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D951 second address: 101D97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8DAh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3CD902E8E8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DA98 second address: 101DA9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DA9C second address: 101DAD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E1h 0x00000007 jne 00007F3CD902E8D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F3CD902E8DEh 0x00000016 js 00007F3CD902E8DEh 0x0000001c push edi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DAD1 second address: 101DAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F3CD8D9BEADh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB47 second address: 101FB58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB58 second address: 101FB5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB5E second address: 101FB63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FCCB second address: 101FCDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FCDE second address: 101FCF0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3CD902E8DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FCF0 second address: 101FCF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FCF4 second address: 101FCF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FCF8 second address: 101FCFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024105 second address: 1024128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8E5h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024128 second address: 102413F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3CD8D9BEABh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102413F second address: 1024143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024296 second address: 102429D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102802E second address: 1028034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028034 second address: 102803A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102803A second address: 102803E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102803E second address: 1028042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028042 second address: 1028048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10282AC second address: 10282B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10282B2 second address: 10282F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3CD902E8E8h 0x0000000a jns 00007F3CD902E8E6h 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F3CD902E8D6h 0x00000018 jmp 00007F3CD902E8DBh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10282F8 second address: 1028311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F3CD8D9BEA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F3CD8D9BEAAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028311 second address: 1028317 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028317 second address: 102831B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102C89D second address: 102C8B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DBh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D018 second address: 102D04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD8D9BEACh 0x00000009 jmp 00007F3CD8D9BEB3h 0x0000000e jmp 00007F3CD8D9BEB1h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035D9A second address: 1035DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E9h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035DBC second address: 1035DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035DC0 second address: 1035DED instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jbe 00007F3CD902E8D6h 0x00000012 jmp 00007F3CD902E8DFh 0x00000017 pop ecx 0x00000018 jmp 00007F3CD902E8DBh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103417F second address: 1034183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034429 second address: 103443E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD902E8DFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103443E second address: 1034442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034442 second address: 1034455 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10349D8 second address: 10349DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10349DC second address: 10349E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10349E0 second address: 10349E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034F89 second address: 1034F9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035277 second address: 103527D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035AD3 second address: 1035AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035AD9 second address: 1035ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035ADD second address: 1035AEB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A6FC second address: 103A702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A702 second address: 103A72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3CD902E8E9h 0x0000000b pop edi 0x0000000c pushad 0x0000000d jno 00007F3CD902E8D8h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A72E second address: 103A740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 jne 00007F3CD8D9BEA8h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E421 second address: 103E459 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3CD902E8E6h 0x0000000f jmp 00007F3CD902E8E8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D6F5 second address: 103D6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D6FB second address: 103D710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3CD902E8D6h 0x0000000a popad 0x0000000b jmp 00007F3CD902E8DAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DB44 second address: 103DB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DB4A second address: 103DB53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DE1C second address: 103DE20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DE20 second address: 103DE65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F3CD902E8FDh 0x0000000c popad 0x0000000d pushad 0x0000000e push edi 0x0000000f push edi 0x00000010 pop edi 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1045BE0 second address: 1045BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 js 00007F3CD8D9BEA6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1045BF0 second address: 1045BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104606B second address: 104609D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD8D9BEB4h 0x00000009 pop edx 0x0000000a jmp 00007F3CD8D9BEB6h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1046346 second address: 104634B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104650F second address: 1046518 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CE38 second address: 104CE4F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F3CD902E8DAh 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CE4F second address: 104CE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C84E second address: 104C86A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C86A second address: 104C88B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jne 00007F3CD8D9BEA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3CD8D9BEB5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C88B second address: 104C8A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3CD902E8E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104CB5F second address: 104CB65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052FD7 second address: 1052FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052FDC second address: 1052FF9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3CD8D9BEB8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F3CD8D9BEB0h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052FF9 second address: 105303C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F3CD902E8D6h 0x0000000a jmp 00007F3CD902E8DDh 0x0000000f jmp 00007F3CD902E8E8h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push edx 0x00000019 jmp 00007F3CD902E8DBh 0x0000001e pop edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105A241 second address: 105A24B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F3CD8D9BEA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105A24B second address: 105A270 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F3CD902E91Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3CD902E8DFh 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059D5C second address: 1059D70 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3CD8D9BEACh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059D70 second address: 1059D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059D74 second address: 1059D9E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F3CD8D9BEB7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jp 00007F3CD8D9BECAh 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059D9E second address: 1059DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F3CD902E8D6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059DAD second address: 1059DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105C4FD second address: 105C509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007F3CD902E8D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105FBE1 second address: 105FBF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F3CD8D9BEA8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105FBF4 second address: 105FC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3CD902E8D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105FC07 second address: 105FC0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1062B39 second address: 1062B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1062B3F second address: 1062B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10629CB second address: 10629CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10629CF second address: 10629D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10629D5 second address: 10629E3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3CD902E8D8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10629E3 second address: 10629E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10703AC second address: 10703BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F3CD902E8D6h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10703BB second address: 10703D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3CD8D9BEAFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10703D0 second address: 10703DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F3CD902E8D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107024D second address: 1070251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1070251 second address: 1070267 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F3CD902E8E0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079332 second address: 1079337 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079337 second address: 107936C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3CD902E8E7h 0x00000009 pop ebx 0x0000000a jmp 00007F3CD902E8DDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jno 00007F3CD902E8D6h 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107936C second address: 1079371 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077D4D second address: 1077D7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD902E8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b jno 00007F3CD902E8D6h 0x00000011 jmp 00007F3CD902E8E4h 0x00000016 pop ecx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077D7F second address: 1077D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077D8D second address: 1077D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10785F2 second address: 10785FC instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3CD8D9BEA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079071 second address: 107908F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3CD902E8DEh 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F3CD902E8D6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107908F second address: 1079095 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107CA4C second address: 107CA50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107C7B5 second address: 107C7CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 jne 00007F3CD8D9BEACh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109CD85 second address: 109CD8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109CD8B second address: 109CDB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB1h 0x00000007 jmp 00007F3CD8D9BEB2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109CDB6 second address: 109CDBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6108 second address: 10B610E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B610E second address: 10B6118 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3CD902E8D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6118 second address: 10B615A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3CD8D9BEACh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F3CD8D9BEAEh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F3CD8D9BEB7h 0x0000001a je 00007F3CD8D9BEA6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B615A second address: 10B615E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B506A second address: 10B5098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F3CD8D9BEAAh 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F3CD8D9BEB5h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5098 second address: 10B50B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3CD902E8E4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B550E second address: 10B5512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5512 second address: 10B551A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B57F5 second address: 10B5814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3CD8D9BEB8h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5814 second address: 10B5819 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5819 second address: 10B583D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F3CD8D9BEB8h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B583D second address: 10B5848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5C98 second address: 10B5C9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B5E23 second address: 10B5E31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A3C second address: 10B8A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A40 second address: 10B8A4D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3CD902E8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A4D second address: 10B8A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8C96 second address: 10B8CC3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, dword ptr [ebp+122D2AA3h] 0x0000000f push 00000004h 0x00000011 jng 00007F3CD902E8DEh 0x00000017 push ecx 0x00000018 add dword ptr [ebp+122D3053h], esi 0x0000001e pop edx 0x0000001f push D1308B20h 0x00000024 jl 00007F3CD902E8E0h 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8F7E second address: 10B8FB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3CD8D9BEB2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c xor dl, FFFFFFE1h 0x0000000f push dword ptr [ebp+122D38ABh] 0x00000015 sub dx, 7ABFh 0x0000001a push 611D6306h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jne 00007F3CD8D9BEA6h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8FB4 second address: 10B8FBA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8FBA second address: 10B8FBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5580D4A second address: 5580D50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5580D50 second address: 5580D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5580D54 second address: 5580D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F3CD902E90Ah 0x0000000e jmp 00007F3CD902E8DFh 0x00000013 add eax, ecx 0x00000015 pushad 0x00000016 jmp 00007F3CD902E8E4h 0x0000001b push eax 0x0000001c push edx 0x0000001d mov cx, 2537h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5580D8E second address: 5580E50 instructions: 0x00000000 rdtsc 0x00000002 mov di, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F3CD8D9BEB4h 0x00000015 sub esi, 350F9158h 0x0000001b jmp 00007F3CD8D9BEABh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F3CD8D9BEB8h 0x00000027 or si, 9BB8h 0x0000002c jmp 00007F3CD8D9BEABh 0x00000031 popfd 0x00000032 popad 0x00000033 test eax, eax 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F3CD8D9BEB4h 0x0000003c add cx, 5618h 0x00000041 jmp 00007F3CD8D9BEABh 0x00000046 popfd 0x00000047 mov ebx, ecx 0x00000049 popad 0x0000004a je 00007F3D4A151DEAh 0x00000050 jmp 00007F3CD8D9BEB2h 0x00000055 test byte ptr [eax+04h], 00000005h 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F3CD8D9BEB7h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1885 second address: FD188F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F3CD902E8D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD188F second address: FD189C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E23A72 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E23956 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FC9A58 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 104E5AD instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3204	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3204	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2211405589.0000000001770000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209841363.0000000001770000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW1
Source: file.exe, 00000000.00000002.2211405589.0000000001770000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209841363.0000000001770000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2211235827.000000000170E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00E05BB0 LdrInitializeThunk,

0_2_00E05BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, file.exe, 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: sCProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
eaglepawnoy.store	21%	Virustotal	Browse
spirittunek.store	22%	Virustotal	Browse
licendfilteo.site	19%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.102.49.254	true	true	0%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	true	21%, Virustotal, Browse	unknown
bathdoomgaz.store	unknown	unknown	true		unknown
spirittunek.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
licendfilteo.site	unknown	unknown	true	19%, Virustotal, Browse	unknown
studennotediw.store	unknown	unknown	true		unknown
mobbipenju.store	unknown	unknown	true		unknown
clearancek.site	unknown	unknown	true		unknown
dissapoiznw.store	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900xi	file.exe, 00000000.00000002.2211405589.0000000001770000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209841363.0000000001770000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bathdoomgaz.store:443/api&	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://mobbipenju.store:443/apiM	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2209841363.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/I	file.exe, 00000000.00000003.2210049312.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://licendfilteo.site:443/api.	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81	file.exe, 00000000.00000003.2210049312.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/api	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900D	file.exe, 00000000.00000003.2209841363.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211405589.0000000001767000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000002.2211360166.0000000001763000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210006802.0000000001763000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2209805502.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://studennotediw.store:443/apitk	file.exe, 00000000.00000003.2210006802.000000000174F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211360166.000000000174F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2209963194.0000000001789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2210062573.00000000017CA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000002.2211477849.00000000017C1000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541815
Start date and time:	2024-10-25 07:27:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:28:10	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	23.0.254.211
	CalendlyApp	Get hash	malicious	Unknown	Browse	23.46.224.247
	CalendlyApp	Get hash	malicious	Unknown	Browse	23.46.224.247
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	23.210.87.183
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	104.72.132.62
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Credit_Details2251397102400024.xla.xlsx	Get hash	malicious	Unknown	Browse	104.102.49.254
	Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xls	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.494806455700141
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'949'120 bytes
MD5:	7278d758e8e7786b1d7727a46f4f3c65
SHA1:	af155f32ac5d05e6497c7fe89a452b267e2bb802
SHA256:	0d26d22740d109895c220988629336fb84b671ada3fd4a15585fb6769484cc16
SHA512:	a1a7ee1829699e06f0865e20432f55b44392f1814572d84a43cd29fe20e0249eeb12abb9f1a989a6455316fd750d9527c9102ab2d90de70de60c466d4bb5a56a
SSDEEP:	49152:co/LxSg0ddkldwH+Z43Cr7bJ4X7a0K0bq9QWEu:TLxSg0ddkldwH53Cr7bJ4XJzb8QWEu
TLSH:	B2D54C91B404B1CFD48A26B5582BCFC2695E43F9476408C3E879A5FB7E67FC016B6C28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x708000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F3CD86EEC1Ah
pmaxub mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F3CD86F0C15h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	ddc8f82778d4874e2990aaec787b6c99	False	0.999445647689769	data	7.981699251489914	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
aezggxfm	0x60000	0x2a7000	0x2a6a00	3f557806d2747a47f5075e34dfe5b0c5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vaaawynn	0x307000	0x1000	0x400	af8138c9b487d1c58532903b3a6faba6	False	0.79296875	data	6.243246150394391	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x308000	0x3000	0x2200	0178882441c805fabcac21a75a0299f9	False	0.06537224264705882	DOS executable (COM)	0.7606736652600957	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T07:28:11.100024+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	51364	1.1.1.1	53	UDP
2024-10-25T07:28:11.269378+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	59187	1.1.1.1	53	UDP
2024-10-25T07:28:11.291178+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	54677	1.1.1.1	53	UDP
2024-10-25T07:28:11.327422+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	60052	1.1.1.1	53	UDP
2024-10-25T07:28:11.342181+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	59993	1.1.1.1	53	UDP
2024-10-25T07:28:11.361766+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	64816	1.1.1.1	53	UDP
2024-10-25T07:28:11.375344+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	53753	1.1.1.1	53	UDP
2024-10-25T07:28:11.386104+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	50682	1.1.1.1	53	UDP
2024-10-25T07:28:12.961519+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49710	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 07:28:11.469369888 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:11.469424009 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:11.469718933 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:11.505496979 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:11.505525112 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.351039886 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.351207018 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.353867054 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.353874922 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.354080915 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.400602102 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.411552906 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.455368042 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961615086 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961697102 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961699963 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.961730003 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961749077 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961790085 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961806059 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.961806059 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.961810112 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:12.961870909 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:12.961884975 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.009840965 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.077971935 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.078005075 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.078047037 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.078125954 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.078149080 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.078198910 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.078200102 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.078279018 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.080694914 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.080694914 CEST	49710	443	192.168.2.6	104.102.49.254
Oct 25, 2024 07:28:13.080714941 CEST	443	49710	104.102.49.254	192.168.2.6
Oct 25, 2024 07:28:13.080723047 CEST	443	49710	104.102.49.254	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 07:28:11.100023985 CEST	51364	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.109584093 CEST	53	51364	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.269377947 CEST	59187	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.279367924 CEST	53	59187	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.291177988 CEST	54677	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.300746918 CEST	53	54677	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.327421904 CEST	60052	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.341093063 CEST	53	60052	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.342180967 CEST	59993	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.357274055 CEST	53	59993	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.361766100 CEST	64816	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.371754885 CEST	53	64816	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.375344038 CEST	53753	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.384933949 CEST	53	53753	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.386104107 CEST	50682	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.395935059 CEST	53	50682	1.1.1.1	192.168.2.6
Oct 25, 2024 07:28:11.414067984 CEST	62819	53	192.168.2.6	1.1.1.1
Oct 25, 2024 07:28:11.421231985 CEST	53	62819	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 07:28:11.100023985 CEST	192.168.2.6	1.1.1.1	0x1c63	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.269377947 CEST	192.168.2.6	1.1.1.1	0x25a3	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.291177988 CEST	192.168.2.6	1.1.1.1	0x5b9a	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.327421904 CEST	192.168.2.6	1.1.1.1	0xc3bb	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.342180967 CEST	192.168.2.6	1.1.1.1	0x3d9c	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.361766100 CEST	192.168.2.6	1.1.1.1	0x2556	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.375344038 CEST	192.168.2.6	1.1.1.1	0xaf28	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.386104107 CEST	192.168.2.6	1.1.1.1	0x904e	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.414067984 CEST	192.168.2.6	1.1.1.1	0xd539	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 07:28:11.109584093 CEST	1.1.1.1	192.168.2.6	0x1c63	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.279367924 CEST	1.1.1.1	192.168.2.6	0x25a3	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.300746918 CEST	1.1.1.1	192.168.2.6	0x5b9a	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.341093063 CEST	1.1.1.1	192.168.2.6	0xc3bb	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.357274055 CEST	1.1.1.1	192.168.2.6	0x3d9c	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.371754885 CEST	1.1.1.1	192.168.2.6	0x2556	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.384933949 CEST	1.1.1.1	192.168.2.6	0xaf28	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.395935059 CEST	1.1.1.1	192.168.2.6	0x904e	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 07:28:11.421231985 CEST	1.1.1.1	192.168.2.6	0xd539	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	104.102.49.254	443	2304	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-25 05:28:12 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-25 05:28:12 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 25 Oct 2024 05:28:12 GMT Content-Length: 26105 Connection: close Set-Cookie: sessionid=a5b557e53b861fdaf256d188; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-25 05:28:12 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-25 05:28:13 UTC	11638	IN	Data Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J

Target ID:	0
Start time:	01:28:08
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xdc0000
File size:	2'949'120 bytes
MD5 hash:	7278D758E8E7786B1D7727A46F4F3C65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	69.7%
Total number of Nodes:	33
Total number of Limit Nodes:	3

Executed Functions

Function 00DCFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00DCFEDC
t, xrefs: 00DCFCBE
VY^_, xrefs: 00DCFDFF
J|BJ, xrefs: 00DD000D

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: d9568cd749b85eb5a690d71076ea988500313ff5c51676fe63225c34d9213a2b
Instruction ID: c9fa163baf2103517bc4372b6b5ac8cdd385516f19d1ad318a8332e1b519af97
Opcode Fuzzy Hash: d9568cd749b85eb5a690d71076ea988500313ff5c51676fe63225c34d9213a2b
Instruction Fuzzy Hash: 6CD155745083819BD321DF189490B6FBFE2EB96B44F18881DF4C99B352C336C949DBA2

Function 00DCD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00DCD2F1

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 23c50967cda8761a7a5c4b1bc6486902d50e1600eeb3b1de6183a9379aa9580a
Instruction ID: 17c7c85af3258695eb6d22597a6f146c25eddab390169265674b8d9ef15d45b7
Opcode Fuzzy Hash: 23c50967cda8761a7a5c4b1bc6486902d50e1600eeb3b1de6183a9379aa9580a
Instruction Fuzzy Hash: 4641277040D341ABD701AB68D985E2EFBE6EF92745F188C2CE5C497252C335D8149B7B

Function 00E05BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00E0973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00E05BDE

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00E0695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00E069C5

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9b611e0e6a440759f01d84aa452e98367576e47a520fd4568d11024439900cac
Instruction ID: 69e5c9f03eff4daadff05b559c3a7a66f4d8be8620c2aee05ae1e50d7967a7ab
Opcode Fuzzy Hash: 9b611e0e6a440759f01d84aa452e98367576e47a520fd4568d11024439900cac
Instruction Fuzzy Hash: D531ADB1A083019FD718EF15C89072BB7F1FF94348F44A81CE5C6A72A1E3749994CB56

Function 00DD049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75479f95632a160477e7bdaac8152d061c5f52e2a5b21511abb2c554676d37e8
Instruction ID: 760399eb4addaf4a68f6641fbb6ef792d1ee3269059d57d9d831b020ed9484ed
Opcode Fuzzy Hash: 75479f95632a160477e7bdaac8152d061c5f52e2a5b21511abb2c554676d37e8
Instruction Fuzzy Hash: EE916A75200700CFD724CF26E894B16B7F6FF89310F158A6DE8969BAA1D731E859CB60

Function 00DD0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61438d7ab8c9835914fde4d458942ba50ed1262218e491cf24de3e652ee581b7
Instruction ID: 7917c5918d8508af9445223a3230244fc3069f7635afe06642e4166afe4a26d1
Opcode Fuzzy Hash: 61438d7ab8c9835914fde4d458942ba50ed1262218e491cf24de3e652ee581b7
Instruction Fuzzy Hash: 3A715C75200701DFD724CF22E894B16BBF6FF89314F148969E89697AA2C731E859CB60

Function 00E099D0 Relevance: .1, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37ecfd4678150404dd3a0fbd604cd45e983c279e03d3076e310c58b826e8a4e
Instruction ID: cd2a7bbca043848a4d0c3bab39d1f6f1bb97f37c4d8dbe43ee897763c0736330
Opcode Fuzzy Hash: f37ecfd4678150404dd3a0fbd604cd45e983c279e03d3076e310c58b826e8a4e
Instruction Fuzzy Hash: F041AF35208300AFD7149E15D891B2BB7F6EB85724F14A82CE5C9A72D3D335E881CF66

Function 00E063B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce3edbf5943bb2a2ded39205bb6f625ac465e0307bb02784e6e3bd9db3ca7d9e
Instruction ID: 0c5579ab723510f1531300d197334574621bf3ff4754dfa23d4f31ceabfc78cc
Opcode Fuzzy Hash: ce3edbf5943bb2a2ded39205bb6f625ac465e0307bb02784e6e3bd9db3ca7d9e
Instruction Fuzzy Hash: C431E370609301BED624DB04CD82F2BB7A2FBC0B14F64A908F1917A2D1D3B0A8A08B52

Function 00E03220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00E032A6

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5e995892bf066a9323e9bd412ed46fe3d4000eef060d05d2f447a6a776522096
Instruction ID: b63aab234b5fb8646ff0a017d30b33a756be9eb24ee60012579d3a26e948c717
Opcode Fuzzy Hash: 5e995892bf066a9323e9bd412ed46fe3d4000eef060d05d2f447a6a776522096
Instruction Fuzzy Hash: 14016D3450D2409FC701EF68E845A1ABBF8EF4A700F05891CE5C5AB361D335DD64CB96

Function 00E03202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00E03208

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 18e4f1d8ea9e53f59bccc05824b2703ac313b43426658a96e3051e6db47caf69
Instruction ID: bec22979a3ee2c3da5f1df683c4770db68ae205cec0e9c9753708dba6c988e9d
Opcode Fuzzy Hash: 18e4f1d8ea9e53f59bccc05824b2703ac313b43426658a96e3051e6db47caf69
Instruction Fuzzy Hash: 6DB012300400006FDA041F00EC0AF003510EB00605F800050A100140F1D1655878C554

Non-executed Functions

Function 00DF23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

{l`~, xrefs: 00DF268C
ggxz, xrefs: 00DF2685
Cx, xrefs: 00DF453D
:, xrefs: 00DF32DD
%*+(, xrefs: 00DF40EF
mlc@, xrefs: 00DF275C
3<, xrefs: 00DF32D6
`tii, xrefs: 00DF2693
#v, xrefs: 00DF344B, 00DF4861
aenQ, xrefs: 00DF276A
fedc, xrefs: 00DF2782
f@~!, xrefs: 00DF25FF
|}&C, xrefs: 00DF2F21

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: cf92ab93447d2564df151e8e8dc494683250e4f42dab9a070b12d3a3ceeb709c
Instruction ID: cd14adecffdda414b5a96e9fa6b0db7e6d4c5ec085c039e7ba296604d2517200
Opcode Fuzzy Hash: cf92ab93447d2564df151e8e8dc494683250e4f42dab9a070b12d3a3ceeb709c
Instruction Fuzzy Hash: 4733CA70104B818FD7258F39C590B72BBE1BF16304F59899DE5DA8BB92C735E806CBA1

Function 00DDDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

WP, xrefs: 00DDDCEF
D, xrefs: 00DDE846
T, xrefs: 00DDF157
tuJK, xrefs: 00DDE967
AR, xrefs: 00DDDD10
89>?, xrefs: 00DDE9F6
mjkh, xrefs: 00DDE7D8
|, xrefs: 00DDECB1
`onm, xrefs: 00DDE733
tsrq, xrefs: 00DDE6FC
dcba, xrefs: 00DDE728
`Y^_, xrefs: 00DDE99E
LKJI, xrefs: 00DDE6E6
DCBA, xrefs: 00DDE887, 00DDE896
xgfe, xrefs: 00DDE71D
@ONM, xrefs: 00DDE6DB
%*+(, xrefs: 00DDDE37, 00DDDE46
<=:;, xrefs: 00DDE930
89&', xrefs: 00DDE93B
()./, xrefs: 00DDE9CA
<=2, xrefs: 00DDEA01
QNOL, xrefs: 00DDE775
:WUE, xrefs: 00DDF6B7, 00DDF6C6
lkji, xrefs: 00DDE73E

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: c5aba3b3aa0f39baac1466de0e7774804092a91c065dc594bcbf5ca1385cd430
Instruction ID: 984366b2c193af3bd7ffbd5c69c14cd916d7517f0e7c9f724e799a7870fb5113
Opcode Fuzzy Hash: c5aba3b3aa0f39baac1466de0e7774804092a91c065dc594bcbf5ca1385cd430
Instruction Fuzzy Hash: 45F278B15083819BD770DF14C884BABBBE6BFD5304F18482EE4C99B391D7719985CBA2

Function 00DE9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

JG, xrefs: 00DEAA27
sm, xrefs: 00DEA830
(a*c, xrefs: 00DEA147
N[, xrefs: 00DEA375
%e6g, xrefs: 00DEA152
hi, xrefs: 00DEAB9D
kW, xrefs: 00DEA380
WQ, xrefs: 00DEA62B
?m,o, xrefs: 00DEA13C
WH, xrefs: 00DEAA1C
=], xrefs: 00DEA36A
CG, xrefs: 00DEAA32
_Y, xrefs: 00DEA641
S], xrefs: 00DEA636
/), xrefs: 00DEA66D
]{, xrefs: 00DEA1E7, 00DEA1F3
Gt, xrefs: 00DE9FF8

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 5ab116c2b5fb2a69c3e15f5c8e32083be6153cd40eb366747c60572bfa712c45
Instruction ID: d278f53602c2240df3b8d4a9996a4d237be7810064fe843439fe2bed1ab34c93
Opcode Fuzzy Hash: 5ab116c2b5fb2a69c3e15f5c8e32083be6153cd40eb366747c60572bfa712c45
Instruction Fuzzy Hash: AE52B7B444D385CAE270CF26D581B8EBAF1BB92740F609A1DE1ED9B255DB708045CFA3

Function 00DE9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

B7U1, xrefs: 00DE9AFB
T#a-, xrefs: 00DE9AE3
;IJK, xrefs: 00DE983E
,A&C, xrefs: 00DE982E
G+X5, xrefs: 00DE9AF3
?M0K, xrefs: 00DE9968
X/R), xrefs: 00DE9AEB
8;, xrefs: 00DE9B13
z=Q?, xrefs: 00DE9826
!E4G, xrefs: 00DE9836
B?Q9, xrefs: 00DE9B0B
G'M!, xrefs: 00DE9ADB
O+f), xrefs: 00DE9634, 00DE963D
L3Y=, xrefs: 00DE9B03
pq, xrefs: 00DE99E0
2A"_, xrefs: 00DE9980

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: fd8c1e522b94297a66047062a3f6347bbca28a49cdec006e3fc29327d75fc0a6
Instruction ID: 974fe79214f760cb6f18f44a133a54c12fad8beca676d6f62d3fcbdb97ce7dbf
Opcode Fuzzy Hash: fd8c1e522b94297a66047062a3f6347bbca28a49cdec006e3fc29327d75fc0a6
Instruction Fuzzy Hash: 53F140B01093819BD310EF16D891A2BBBF4FB86B44F144D1CF4D99B252D374D909CBA6

Function 00DEDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

-M2O, xrefs: 00DEE25A
)IgK, xrefs: 00DEE261
=]+_, xrefs: 00DEE276
n\+H, xrefs: 00DEDDC0
<Y.[, xrefs: 00DEE27D
hX]N, xrefs: 00DEDDC7
%*+(, xrefs: 00DEE143
Y9N;, xrefs: 00DEE245
upH}, xrefs: 00DEDE8A, 00DEE798, 00DEDF4A
{E, xrefs: 00DEE323
,Q?S, xrefs: 00DEE26F

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 8ec525e89b579b509843f8ff165c3771650b2d8498eb35823ce405822a2bbd27
Instruction ID: d9d857ecb62096fe368fcc3d7f6e999355a79603b19ebfc1f53e89bc2806da32
Opcode Fuzzy Hash: 8ec525e89b579b509843f8ff165c3771650b2d8498eb35823ce405822a2bbd27
Instruction Fuzzy Hash: E9920471E00245CFDB08CF6AD8817AEBBB2FF49310F298169E555AB391D735AD05CBA0

Function 00F8EF94 Relevance: 11.6, Strings: 8, Instructions: 1605COMMON

Download Yara Rule

Strings

Hb}}, xrefs: 00F8FE3E
T$o5, xrefs: 00F8FE6B
>`^z, xrefs: 00F8F8A0
|Xo, xrefs: 00F8F64F
qPwQ, xrefs: 00F8F734
~o, xrefs: 00F8F33D
9+I, xrefs: 00F8FD4E
VS}n, xrefs: 00F8F189

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 9+I$>`^z$Hb}}$T$o5$VS}n$qPwQ$|Xo$~o
API String ID: 0-2200608140
Opcode ID: 6a5a79f9c9a8ae028cce16c3bbdef180077c3f9a6cba85e781b9f7502acba839
Instruction ID: d76f7a69a3d32400514524792fb8a8db6e66a2cb49bdc3a5f28a9c21c2eabebe
Opcode Fuzzy Hash: 6a5a79f9c9a8ae028cce16c3bbdef180077c3f9a6cba85e781b9f7502acba839
Instruction Fuzzy Hash: 3BB206F360C204AFE7046E2DEC8567ABBE9EBD4720F164A3DEAC4C3744E63558058697

Function 00F93E9E Relevance: 11.6, Strings: 8, Instructions: 1592COMMON

Download Yara Rule

Strings

c?/, xrefs: 00F9499D
Nz=, xrefs: 00F948FC
ug&, xrefs: 00F949A3
F2pC, xrefs: 00F951B9
~xj@, xrefs: 00F9492E
hv, xrefs: 00F94A3D
N {, xrefs: 00F94873
"Zu, xrefs: 00F94C61

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: "Zu$F2pC$N {$Nz=$~xj@$c?/$ug&$hv
API String ID: 0-1845795555
Opcode ID: 40035740df83baa1030d7940c09a0a784e12ed48d9698acbb38b3f6375e49a20
Instruction ID: 560603b00b0ff72b54953d6918e48a57459e26f4ea6013655790675c35b1d308
Opcode Fuzzy Hash: 40035740df83baa1030d7940c09a0a784e12ed48d9698acbb38b3f6375e49a20
Instruction Fuzzy Hash: 28B203F360C3049FE3086E2DEC8567ABBE9EF94720F16493DEAC5C3344EA3559058696

Function 00DE098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

{, xrefs: 00DE1502
cah`, xrefs: 00DE107E
gce/, xrefs: 00DE1073
&> &, xrefs: 00DE0F89
%*+(, xrefs: 00DE0A77, 00DE0A86
,#15, xrefs: 00DE0F94
9.5^, xrefs: 00DE0F9F
qrqp, xrefs: 00DE1089

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: ba7c0ca7d5e7cb8f12f3c3775f9350b80306b5bc445684bbbef3de1cca7b6e2a
Instruction ID: a1b05b87588e810bd4b249d4e0d75701aa8d526f77272919f08e6f31bf272c03
Opcode Fuzzy Hash: ba7c0ca7d5e7cb8f12f3c3775f9350b80306b5bc445684bbbef3de1cca7b6e2a
Instruction Fuzzy Hash: BC62AAB56083818FD330DF15C891BABBBE1FF96314F08492DE49A8B681D3758985CB63

Function 00DC1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

@, xrefs: 00DC2C40
gfff, xrefs: 00DC2297
0123456789abcdefxp, xrefs: 00DC1587, 00DC15F8
gfff, xrefs: 00DC22E1
-, xrefs: 00DC21ED
0123456789ABCDEFXP, xrefs: 00DC157D, 00DC15EB
gfff, xrefs: 00DC2226

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: f65fc32b6d7c69fabdb1dd891676d1c31efe47200a591a8c54c8f1d91b18ac83
Instruction ID: 8f3235b85b3af30d9fbec2d19b21d16a1ec1852690e2f77ce89ed4ec6587eeda
Opcode Fuzzy Hash: f65fc32b6d7c69fabdb1dd891676d1c31efe47200a591a8c54c8f1d91b18ac83
Instruction Fuzzy Hash: 35D2F3756083528FD718CE28C490B6ABBE2AFD5314F1CCA2DE49987392D734DD45CBA2

Function 00F959DE Relevance: 10.3, Strings: 7, Instructions: 1583COMMON

Download Yara Rule

Strings

%e9n, xrefs: 00F95DB9
=(, xrefs: 00F96B85
('{w, xrefs: 00F96653
3w?, xrefs: 00F96A6E
a8;O, xrefs: 00F95F25
l.[, xrefs: 00F95E06
w>r?, xrefs: 00F96225

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: l.[$%e9n$('{w$3w?$a8;O$w>r?$=(
API String ID: 0-1740215085
Opcode ID: 7e1baab77bf945da83f5d5fe6bb152c00fae41502f827b3676d3a232e5a47563
Instruction ID: b574997e08391f1e40ead8ccf61ec66589c538f2e4ed151e9bf245f4b983d3c4
Opcode Fuzzy Hash: 7e1baab77bf945da83f5d5fe6bb152c00fae41502f827b3676d3a232e5a47563
Instruction Fuzzy Hash: 69B2D7F360C2049FE304AF29EC8567ABBE5EF94720F1A893DE6C4C7744EA3558058697

Function 00F99042 Relevance: 10.3, Strings: 7, Instructions: 1540COMMON

Download Yara Rule

Strings

_x& , xrefs: 00F9926E
]nFH%, xrefs: 00F99B28, 00F9A1C7
6*s9, xrefs: 00F99AD3
~}5, xrefs: 00F99ABA
~}5, xrefs: 00F99B33
7x|, xrefs: 00F9A041
[s7', xrefs: 00F99FB7

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 6*s9$7x|$[s7'$]nFH%$_x& $~}5$~}5
API String ID: 0-3077136237
Opcode ID: bd5b80db4013499258e9f2b7f4c3f53a851a9348a3d35fa45c44451c6ba21ee9
Instruction ID: 83fef238422462a5df9fc155c3bce34f085d761df00aa860df8a3f25f794a487
Opcode Fuzzy Hash: bd5b80db4013499258e9f2b7f4c3f53a851a9348a3d35fa45c44451c6ba21ee9
Instruction Fuzzy Hash: 80A208F360C604AFE304AE2DEC8567AFBE5EF94720F16893DE6C4C3744E63598018696

Function 00F9A9E0 Relevance: 9.2, Strings: 6, Instructions: 1690COMMON

Download Yara Rule

Strings

#u, xrefs: 00F9BC65
R;9, xrefs: 00F9B1F1
T/{=, xrefs: 00F9B6DF
1V_], xrefs: 00F9BC5E
)Go?, xrefs: 00F9AA72
Fbx, xrefs: 00F9BD89

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: )Go?$1V_]$Fbx$R;9$T/{=$#u
API String ID: 0-242124907
Opcode ID: 361446ee99eca1c5ae6565d010bc4bc8dc303c4b8bd0290df152d56cdfe0588b
Instruction ID: cde19cd5265d9c08050695f4dedc15dc930d667b271692c42b0fa317a2b2ab38
Opcode Fuzzy Hash: 361446ee99eca1c5ae6565d010bc4bc8dc303c4b8bd0290df152d56cdfe0588b
Instruction Fuzzy Hash: 39B249F350C7049FE3086E2DEC8567ABBE9EF94720F164A3DE6C4C7744EA7558008696

Function 00F97464 Relevance: 9.1, Strings: 6, Instructions: 1625COMMON

Download Yara Rule

Strings

FJ:u, xrefs: 00F97E6D
+o, xrefs: 00F9851D
3qN, xrefs: 00F981A7
.I{, xrefs: 00F9857E
<:w, xrefs: 00F976C4
st+>, xrefs: 00F97A65

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: .I{$3qN$<:w$FJ:u$st+>$+o
API String ID: 0-372318176
Opcode ID: 0ad8248a74b7133e0b2aa6fe3903964f1e612809b0e66bd06112b0705cf3519a
Instruction ID: b21cc76a1f61c7bdf4c4b87413e2a4b43faf0c271e5ef06ed82bc6dcb1078811
Opcode Fuzzy Hash: 0ad8248a74b7133e0b2aa6fe3903964f1e612809b0e66bd06112b0705cf3519a
Instruction Fuzzy Hash: 8FB2E5F390C304AFE7046E29EC8566AFBE9EF94720F16493DEAC493744EA7558008797

Function 00F8B960 Relevance: 7.9, Strings: 5, Instructions: 1632COMMON

Download Yara Rule

Strings

7j, xrefs: 00F8CA4A
6t^, xrefs: 00F8C634
"Wok, xrefs: 00F8C14D
k, xrefs: 00F8BA69
(cZm, xrefs: 00F8CA06

Memory Dump Source

Source File: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: "Wok$(cZm$6t^$7j$k
API String ID: 0-1227485277
Opcode ID: e77a06b913bb477c6bf2c54d4a11c62a5a32e696c5ab76d15af44268a71cccca
Instruction ID: 4628d95967ed1ec6267ea0d849a7a5e0f56f8cef49fcfd2066edb166ed4c98e4
Opcode Fuzzy Hash: e77a06b913bb477c6bf2c54d4a11c62a5a32e696c5ab76d15af44268a71cccca
Instruction Fuzzy Hash: 4EB216F3A082109FE3046E29EC8567ABBE5EF94720F16892DEAC5C7744E63558058793

Function 00F90A30 Relevance: 7.8, Strings: 5, Instructions: 1588COMMON

Download Yara Rule

Strings

O^~, xrefs: 00F91600
#Qq>, xrefs: 00F9119D
\+n=, xrefs: 00F90CD4
AD, xrefs: 00F915FA
~zs:, xrefs: 00F91929

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: #Qq>$AD$O^~$\+n=$~zs:
API String ID: 0-4238950032
Opcode ID: cda8e602338af7190cbb4bcb8c41981936cc2d26fd2e34b0f19ff72edb3d00ed
Instruction ID: cca26204c1837f270799d09ba6057a8cba6bb41d206de77ee198d719eabc9148
Opcode Fuzzy Hash: cda8e602338af7190cbb4bcb8c41981936cc2d26fd2e34b0f19ff72edb3d00ed
Instruction Fuzzy Hash: 06B217F360C610AFE3046E29EC8567AFBE9EF94720F1A492DEAC5C7744E63558008797

Function 00DC12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

i, xrefs: 00DC28EA
0, xrefs: 00DC1DC1
0, xrefs: 00DC1E88
0, xrefs: 00DC243E
@, xrefs: 00DC3531

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 5d213a0c8f672246fbffc50cb55552849bdc4e8ff201cd146fcde0314e96bcb3
Instruction ID: 5fc1eff0b69835ca3db0ddb4af880ac771ac35d9a3e7b80b22b8eca258de9e38
Opcode Fuzzy Hash: 5d213a0c8f672246fbffc50cb55552849bdc4e8ff201cd146fcde0314e96bcb3
Instruction Fuzzy Hash: 2862D47160C3928FC319CF28C490B6ABBE1AFD5304F188A2DE8D987391D774D949CB62

Function 00DC164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

+, xrefs: 00DC1573
gfff, xrefs: 00DC1F57
0123456789abcdefxp, xrefs: 00DC1659
0123456789ABCDEFXP, xrefs: 00DC164F
gfff, xrefs: 00DC1F3C

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: c5ffff0b0fb48f257f6e3f3e416897f265b72fd467744e288379938e738f010c
Instruction ID: 7a63b1d2368f3c8cba5dd0f1523b005219ba1bd58d95e5bb5e7682cc9f43bd3e
Opcode Fuzzy Hash: c5ffff0b0fb48f257f6e3f3e416897f265b72fd467744e288379938e738f010c
Instruction Fuzzy Hash: 0AF1C23560C3928FC719CE28C48476AFBE2AFD9304F188A6DE4D987356D734D945CBA2

Function 00DC13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

-, xrefs: 00DC1F23
gfff, xrefs: 00DC1F57
0123456789abcdefxp, xrefs: 00DC13AD
0123456789ABCDEFXP, xrefs: 00DC13A3
gfff, xrefs: 00DC1F3C

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 18408594f19c566f12f7c25e75e1273800fa83cd0b237a1f61dae8bbe89539dd
Instruction ID: 46eeb69419bcd5572e630676893a5542be573f871c0e662e55da67fc2a9d33cb
Opcode Fuzzy Hash: 18408594f19c566f12f7c25e75e1273800fa83cd0b237a1f61dae8bbe89539dd
Instruction Fuzzy Hash: 27D1AE3560C7928FC719CE29C48076AFBE2AFD9304F08CA6DE4D987356D634D949CB62

Function 00DEFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

NA_I, xrefs: 00DF036D
uvw, xrefs: 00DEFE95
:, xrefs: 00DF0087
m1s3, xrefs: 00DEFEC3, 00DEFECB

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 30f4b9168544a24ad3cafc660a24237d87b6bff69a8c339a567bbac1aac4cc8f
Instruction ID: 211b6e644e70e8c19e38e6caac4f05453648590722c93443e7272478549eecce
Opcode Fuzzy Hash: 30f4b9168544a24ad3cafc660a24237d87b6bff69a8c339a567bbac1aac4cc8f
Instruction Fuzzy Hash: 2032AAB1508385DFD311DF29D880B2ABBE5EF8A300F19895CF6D59B292D335D909CB62

Function 00DD3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 00DD3C80
%*+(, xrefs: 00DD3EC4
ss, xrefs: 00DD3C79
;z, xrefs: 00DD3C87

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 2487d4083a5497a3112fab3f1d993b2570768db63c7e9e0b425f250e36b2acc5
Instruction ID: 19a801038eaf3f8bcad4dc3460dca862c78d23fe1d733bfc10bb9083c0841f97
Opcode Fuzzy Hash: 2487d4083a5497a3112fab3f1d993b2570768db63c7e9e0b425f250e36b2acc5
Instruction Fuzzy Hash: E9025AB4810B00DFD7609F29D986756BFF5FB02300F50895DE89A9B796E370A418CFA2

Function 00DE2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 00DE232F
sj, xrefs: 00DE2327
lc, xrefs: 00DE2507
a|, xrefs: 00DE2317

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 03cce7fca6bbed814fc7b5ad211a3174632016c496e32d55a65214fabf6e7186
Instruction ID: 601dbf104696909b249cd1384386653f1db64cbc8197857240785951db85baf3
Opcode Fuzzy Hash: 03cce7fca6bbed814fc7b5ad211a3174632016c496e32d55a65214fabf6e7186
Instruction Fuzzy Hash: E1A1AE704083818BC720EF19C891A3BB7F4FFA5354F588A0CE8D99B291E375D941CBA6

Function 00DED7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

KV, xrefs: 00DED97D
CV, xrefs: 00DED98B
T>, xrefs: 00DED984
#', xrefs: 00DED9EA

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: c33df8be8c1bb0a51d88339df1186eac3d2ffa09bb24b657d9abf9eb31c5007e
Instruction ID: 539e9cef980eccff96d0135a0e5ea28d82c344fd33f37a527f50505bebe1b563
Opcode Fuzzy Hash: c33df8be8c1bb0a51d88339df1186eac3d2ffa09bb24b657d9abf9eb31c5007e
Instruction Fuzzy Hash: 948145B48017499FDB20EF96D68516EBFB1FF16300F60560CE486ABA55C330AA55CFE2

Function 00DEAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

,{*y, xrefs: 00DEAD07, 00DEAD13
(g6e, xrefs: 00DEACA1
4c2a, xrefs: 00DEACA9
lk, xrefs: 00DEACBC

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: b278369dc483ac7e3fc3fd50f5da32416f6fa7c3493c295e827588e3ffd17b66
Instruction ID: 62285f14a249f3364ba110fbf593222a943300b50583efcc0768ef214ad08440
Opcode Fuzzy Hash: b278369dc483ac7e3fc3fd50f5da32416f6fa7c3493c295e827588e3ffd17b66
Instruction Fuzzy Hash: 854178B4808382CED7209F25D900BABB7F0FF86305F54995DE6C8A7250E775D948CB96

Function 00DEC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 00DEC537
%*+(, xrefs: 00DEC8C3, 00DEC8CB
%*+(, xrefs: 00DEC9E4, 00DEC9ED

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 7d981dd4be51d049a9c6d511557850f407d1cfa448a939b41973edeefbf25c87
Instruction ID: 6353ad887b1a4c4c91dc7ccc4473118e35ad180bbd20d6822c73ec517168ed4c
Opcode Fuzzy Hash: 7d981dd4be51d049a9c6d511557850f407d1cfa448a939b41973edeefbf25c87
Instruction Fuzzy Hash: 53E198B5518384DFE320AF26D881B5BBBF5FB85340F48882CE69997252D732D815CF62

Function 00F8D437 Relevance: 4.1, Strings: 2, Instructions: 1639COMMON

Download Yara Rule

Strings

D:3, xrefs: 00F8E69F
s!), xrefs: 00F8DFE6

Memory Dump Source

Source File: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: D:3$s!)
API String ID: 0-3961869269
Opcode ID: 125fd515af0d4c11593d99eecd1a5263a3a3953d6ca03aa8217cde99b41d3afa
Instruction ID: 9ca72c57515f620d6f2917efe5d869bba71cfe86128df4bbf0539c161bd4fe9f
Opcode Fuzzy Hash: 125fd515af0d4c11593d99eecd1a5263a3a3953d6ca03aa8217cde99b41d3afa
Instruction Fuzzy Hash: CDB216F350C304AFE304AE29EC8567AFBE9EF94720F16453DEAC483744EA7558058697

Function 00DC8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

IEND, xrefs: 00DC89F0
), xrefs: 00DC8616
), xrefs: 00DC860C

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 4db673d54ff572fa2988a15ebaaf9e439f860bb2b9b42163aca54341b8174975
Instruction ID: d05b53ee8a0a960853b74d6820ef9e2fa803e834aa615fa781582b38aa1dc917
Opcode Fuzzy Hash: 4db673d54ff572fa2988a15ebaaf9e439f860bb2b9b42163aca54341b8174975
Instruction Fuzzy Hash: 1FE1BEB1A087029FE310CF29C885B2ABBE0FF94314F14492DE59997381DB75E915DBE2

Function 00E04040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00E040A4, 00E040AD
f, xrefs: 00E0420C

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: a62200b5e1448ae742496237ab4f3f52026e750e376ede8ead269a544318d55d
Instruction ID: ba373faf30a2b906db99d4d75b275c0e8e739866550a754a10f41faab8ab88a5
Opcode Fuzzy Hash: a62200b5e1448ae742496237ab4f3f52026e750e376ede8ead269a544318d55d
Instruction Fuzzy Hash: 00129DB16083419FC715CF14C980B2BBBE2FBC9318F189A2DF694A72D1D735D9858B92

Function 00DFF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00DFF7F5
hi, xrefs: 00DFF6E6

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: e7ac6ffa5624ad27d16784834f2bd9ad0fcca6724d4a15301d121240be3dba9c
Instruction ID: 82fcb01373a9c0634d1bac9b2ac91acf3e47bd02c60dbcf8bd1e89ea74140423
Opcode Fuzzy Hash: e7ac6ffa5624ad27d16784834f2bd9ad0fcca6724d4a15301d121240be3dba9c
Instruction Fuzzy Hash: 51F19471618301EFE704CF25C891B6ABBE6FF89344F15992CF285AB2A1C734D845CB22

Function 00DC35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00DC360E
Inf, xrefs: 00DC3607

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 0fb0e578fb17dad982ad3410f02a062d5cbae18064a002300cab08b5fd435f17
Instruction ID: fe3bbd31bf88d15c88bc688130258903cb9c1868b42639fd360f189149f7071f
Opcode Fuzzy Hash: 0fb0e578fb17dad982ad3410f02a062d5cbae18064a002300cab08b5fd435f17
Instruction Fuzzy Hash: A7D1D371A183129BC704CF29C880B1ABBE1EFC8750F15CA2DF9D9973A0E675DD458B92

Function 00DDFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00DE0197
Ye[g, xrefs: 00DE00F6

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 6495a13e6ee85fae8869e4606fde7ec8a458f962b61d132e6bee86fc2608087c
Instruction ID: 111ced5d6e6955ae752ade6daa4ac35c673a912826fcb711b1e4e63d0006cc4d
Opcode Fuzzy Hash: 6495a13e6ee85fae8869e4606fde7ec8a458f962b61d132e6bee86fc2608087c
Instruction Fuzzy Hash: 65519C716083818BD731DF59C481BABBBE0FF96310F19491DE4998B651E3B49980CB67

Function 00DC5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00DC54C8

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 595186172e1fe160c0c5349397f7e87c6cf1101f7cc899668346576e987b1c33
Instruction ID: ebfb9a42b9cbd89ad6ceb98534bb80767d2e18442ccda7e1e7584b95a0acc4dc
Opcode Fuzzy Hash: 595186172e1fe160c0c5349397f7e87c6cf1101f7cc899668346576e987b1c33
Instruction Fuzzy Hash: BD22C5B6608B43CBE7158E18E540B26BBA2AFE0304F1D856DD8994B389E771FCC5C761

Function 00DF12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00DF15D1

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 69506f9c26846f48324fa963958e35a437e06d1d49583ef7e36c9566206a0e50
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 79F15679A083499BC724CE24C480A3BBBE5AFC5340F0EC56CE98987382D631DD05C7B2

Function 00DEAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DEB2D3, 00DEB2DB

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ab68dc09813367dfefc5c3cd1d515dfced14bc1b039595f72210a5ce023baceb
Instruction ID: 81797eea0c067db61791b34f96ec0a237f5059a57cc11e26c87f3fd90d870419
Opcode Fuzzy Hash: ab68dc09813367dfefc5c3cd1d515dfced14bc1b039595f72210a5ce023baceb
Instruction Fuzzy Hash: B6E1BA71508346CBC314EF2AC49056BB3E2FF997A1F58891DE5C597260E330EA59CBA2

Function 00DD6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DD6EF3

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 10a857ea7f6d8f9d8ab42e570de9bbc3a98e4d8bb968ecdcfff883c5a2d026ca
Instruction ID: ce2769ff8d3afa819bcfb048eda26fe9ee3366e543810ac33403edd154d87340
Opcode Fuzzy Hash: 10a857ea7f6d8f9d8ab42e570de9bbc3a98e4d8bb968ecdcfff883c5a2d026ca
Instruction Fuzzy Hash: A5F1A075610A01CFD734DF29D881A26B3F2FF48314B148A2EE59787B91EB31E855CBA0

Function 00DE7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DE8263, 00DE826B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a8823c489e412843743fcd01a5a214da674cd766f01c2e63429dbf2dfd633ddc
Instruction ID: 58caf786be740337906e6ce288438e425b1867728a593374e57108f12dc5e42c
Opcode Fuzzy Hash: a8823c489e412843743fcd01a5a214da674cd766f01c2e63429dbf2dfd633ddc
Instruction Fuzzy Hash: 2EC1BF71508380ABD710AF16C882A2BB7F5EF95754F08881CF9C99B292E735DD05DBB2

Function 00DE8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DE9233, 00DE923B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 06fa714e42d2478ee53a68b0d4c23f572345289cf9ec18f845341a4bed9446ab
Instruction ID: a0ce3a42ce77008adc1a75b6209786a66890b8c535ac7e331935fafe6e091551
Opcode Fuzzy Hash: 06fa714e42d2478ee53a68b0d4c23f572345289cf9ec18f845341a4bed9446ab
Instruction Fuzzy Hash: DCD10070608342DFD704DF6AEC91A6AB7E5FF88300F49886CF88697291D771E984CB61

Function 00E07FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00E08167

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 92dfb8acf13d0f32fce66c6118770533a5a1fba153f3c16fc5bf52c7fc821f3c
Instruction ID: 5986f07563b974470b63894189d7e65561018a6b683f2b6c55035aad99b4af56
Opcode Fuzzy Hash: 92dfb8acf13d0f32fce66c6118770533a5a1fba153f3c16fc5bf52c7fc821f3c
Instruction Fuzzy Hash: E3D1C1729082658FC725CE18A89075EB6E1EBC5718F159A2CE8F5BB3D0CB719C86C7C1

Function 00E06CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

"p, xrefs: 00E07015

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: "p
API String ID: 0-1647296830
Opcode ID: d3d2a55a5da04a962ec4e59167a0b0cb268b447040831ae45445421ec5cdaf61
Instruction ID: a095987acb4ef839d353ebc25828b7a877564873518c3e37d98384d3d3eaf48b
Opcode Fuzzy Hash: d3d2a55a5da04a962ec4e59167a0b0cb268b447040831ae45445421ec5cdaf61
Instruction Fuzzy Hash: D4D1F236618351CFC714CF39D8C056AFBE2AB89314F098A6DE495E73A1D330DA49CBA1

Function 00DECCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DECDC3, 00DECDCB

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: c5467e3cc77b61a23c392e96d4ca5f1e1c097bccfb83798c32dae7b4e20651ed
Instruction ID: c4e5d9028d3be69321f0ff52f38de26483a17b9a4958509c46c4c4568cdd9ef9
Opcode Fuzzy Hash: c5467e3cc77b61a23c392e96d4ca5f1e1c097bccfb83798c32dae7b4e20651ed
Instruction Fuzzy Hash: D8B111716193818FD714EF1AD881B2BBBE2EF85340F18582CE5C59B291E731D856CBB2

Function 00DCA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00DCA9C3

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 1c293d323b7b3f27c158ef5221afc5048dbacea6f03bdb96dd801067c3d0c282
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: BAB12A711083859FD325CF58C880B1BBBE1AFA9708F484A2DF5D997342D671EA18CB67

Function 00DFFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DFFCA4, 00DFFCAD

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 98f9d3355f9a903f9639a2e2cb3a87064e8678feb4184fd5e3bf57f2d479fad7
Instruction ID: 7a0f95f0241eabae64990019b931c30f20f7b52a62a0d6242bd77e939ccdc94a
Opcode Fuzzy Hash: 98f9d3355f9a903f9639a2e2cb3a87064e8678feb4184fd5e3bf57f2d479fad7
Instruction Fuzzy Hash: 6F81B871608204EFD710DF69DC85A2AB7E5FF99701F09882CF6C4A7292D731E859CB62

Function 00DDD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DDD663, 00DDD66B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 245e64a6133249161a007dbc9444daddead4fb86a9ca0bba682cc8a8d3192315
Instruction ID: 756fbe9aa25eec1fc782e2007e5b78ddaf62ceb02ce44cfda8340643a464a30a
Opcode Fuzzy Hash: 245e64a6133249161a007dbc9444daddead4fb86a9ca0bba682cc8a8d3192315
Instruction Fuzzy Hash: 4B611372909204DFCB10EF18DC42A6A73B1FF95344F08492DF98997392E375E905C7A2

Function 00E04A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00E04C33, 00E04C3B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 1a5aeae17874c31bf497a693e98edc2c87cbe11f8311320d4fb234cf19dd998c
Instruction ID: 042b55333e875fc0d8042c7fb6bc817cb1a07b720acec5ade2ea6c55c2fe31a1
Opcode Fuzzy Hash: 1a5aeae17874c31bf497a693e98edc2c87cbe11f8311320d4fb234cf19dd998c
Instruction Fuzzy Hash: ED61DDF16083019BE711DF65C980B2AF7E6EBC4318F18991CEA85A72D1D671EC90CB52

Function 00DCE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00DCE333

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 3843fbbfdf82afbd02aecac20dc37033a90a461de1b5b108b69013b2fd836fb6
Instruction ID: 46d4c855eda33b0a93805b050e65f6120921ea2b4c1c89bce585839a474df7a3
Opcode Fuzzy Hash: 3843fbbfdf82afbd02aecac20dc37033a90a461de1b5b108b69013b2fd836fb6
Instruction Fuzzy Hash: 4A512773A196D24BD338897D4C557A9AB870FA2334B3DC76EE9F18B3E1D556880483A0

Function 00E03920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00E039E3, 00E039EB

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 7e8901b385c035c3cbe02cc88bba274c7dae01dc08aa2b9b89cd1a6154160cf4
Instruction ID: afb466d2d5f9b30fe8e27cd63e7cc4f0cecf944d0330e91f06e784a56895f020
Opcode Fuzzy Hash: 7e8901b385c035c3cbe02cc88bba274c7dae01dc08aa2b9b89cd1a6154160cf4
Instruction Fuzzy Hash: 1B519E35609200DFCB24DF65D880A2ABBFAEFC5748F18991DE4C6A7291D371DD90CB62

Function 00DD1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00DD1C3E

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 51bc8be1cae60a57bf7c6667db276b1feaf42c46af586b7bc45782baaf90c086
Instruction ID: a319fa659e552265cc5a0fd99f4946b0ace73987211e011e560954dc0ca7220a
Opcode Fuzzy Hash: 51bc8be1cae60a57bf7c6667db276b1feaf42c46af586b7bc45782baaf90c086
Instruction Fuzzy Hash: AF4161B8018380ABC7149F69C894A2FBBF0FF86314F08891DF5C5AB290D736C9158B66

Function 00DFFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00E00033, 00E0003B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b1bd6d739732e44bb095e902fe25e30fffeee832d7cf991f50504ab06414cb20
Instruction ID: facaf959d926352283913726c74a9e00cd1230a1b57a87e562ff8df1ac30a3dc
Opcode Fuzzy Hash: b1bd6d739732e44bb095e902fe25e30fffeee832d7cf991f50504ab06414cb20
Instruction Fuzzy Hash: 4D31D6B1A04305ABD610EE54DC81F2BB7E9EF85748F545C28F985E7292E232DC94C763

Function 00DEE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00DEE6A2

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 9914bed8027e21d107699a912f21b19ccc1e3b32f2fcbe2d14c2580994163ec4
Instruction ID: 8509c953755e25e8ecbb07fd97c00ac3515ee3527fd9c6c49474386d9c8aa12b
Opcode Fuzzy Hash: 9914bed8027e21d107699a912f21b19ccc1e3b32f2fcbe2d14c2580994163ec4
Instruction Fuzzy Hash: 4431E6B5900245CFCB20EF96E8809AFBBB5FB46305F58486CE54AA7301D331A905CBB2

Function 00DD6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00DD703B

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 84b027def469715d3805cb6965ba6cc9d686abe8c5b218882575ac5eb81714b7
Instruction ID: 44cea0297ea592ffa42f7137ede2618cc5c306c5ca1893dec4b1535fa6ed5f7a
Opcode Fuzzy Hash: 84b027def469715d3805cb6965ba6cc9d686abe8c5b218882575ac5eb81714b7
Instruction Fuzzy Hash: FD414572205B04DFD7348F66C995B26B7F2FB49701F18885AE5869BBA1E371F8008B60

Function 00DEE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00DEE6A2

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 4480e12bd16211f5586fc74cc1dcaa53c4335d8a711786aebf72871499b2c659
Instruction ID: ef701d5f2d65ea2a1cceb8cecc0ceb32d45f99af957dd1dbb72ba2abf3f87186
Opcode Fuzzy Hash: 4480e12bd16211f5586fc74cc1dcaa53c4335d8a711786aebf72871499b2c659
Instruction Fuzzy Hash: 7621E2B1900245CFC720EF96D880AAFBBB5FB4A700F58485CE586AB301C331AD05CBB2

Function 00E09CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00E09D30

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: e4cdbc5f2e530de9c323c367389d5ba353c9634a1f5f91efd24a0024fa4e275a
Instruction ID: 12feb3a472003d1189e97b529351bdc43598887637c3e78c20cbe12e404b00c5
Opcode Fuzzy Hash: e4cdbc5f2e530de9c323c367389d5ba353c9634a1f5f91efd24a0024fa4e275a
Instruction Fuzzy Hash: 26315A705093009BD314EF15D880A2BFBF9EF9A318F14992DE5C4A7292D375D944CB66

Function 00DD4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92b529072f0fc0884278474a8267c94c62845236c88a7b62c06384291dfbc9c7
Instruction ID: a90a5407844d1eceeb4e2caa8f2eda0f11f7a119864b4de3c6f41bdb0e1ef228
Opcode Fuzzy Hash: 92b529072f0fc0884278474a8267c94c62845236c88a7b62c06384291dfbc9c7
Instruction Fuzzy Hash: A8625774510B418FD735CF28E890B26B7F6EF46700F58892ED49A87B56E731E848CBA0

Function 00DCBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 34a1d48e7ba5661304797eb0bce68323473d18fca2c3b95c468c07ab0d9a613e
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 01521A316287128BC7259F18D4407BBF3E1FFC4319F299A2DDACA93290D734A851CB96

Function 00E08652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8790467877081e3dd9e1188ecea9c0fff3d947dfefe10e8de253e199523898c
Instruction ID: 5dac64c193966abdd0f5e73966160502b0efdc44da68e81106ff113f005cfc96
Opcode Fuzzy Hash: f8790467877081e3dd9e1188ecea9c0fff3d947dfefe10e8de253e199523898c
Instruction Fuzzy Hash: 0A22FCB5609341DFC704DF69E88066AB7F1FF89315F09886DE489A73A2C735D894CB42

Function 00E086F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598f0e6252f680bffc4755f7fc7771ae956ba175f28f114cd208255f2dc1cb0d
Instruction ID: aec16cd87353b413acf55a90dcc546458cf2e2d506f8283a3a0c5a2ec9724e5b
Opcode Fuzzy Hash: 598f0e6252f680bffc4755f7fc7771ae956ba175f28f114cd208255f2dc1cb0d
Instruction Fuzzy Hash: 8322CAB5609340DFC704DF69E89065ABBF1FB8A305F09896DE4C9A73A2C735D894CB42

Function 00DCB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11168e8b8cf80ce9ef9bdf119e8a62beb32c7117f9f19a9ffad7be406d03574d
Instruction ID: 6cc438dc7b064d14c76062850c1517dc02155c66d6c685e1c5d1e35b77c25867
Opcode Fuzzy Hash: 11168e8b8cf80ce9ef9bdf119e8a62beb32c7117f9f19a9ffad7be406d03574d
Instruction Fuzzy Hash: 4852C8709087858FEB35CB24C045BA7BBE1EF95324F184C2EC5E607A82C779E885CB65

Function 00DC71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23267604f4cd3ff9823ae2fb2474bc0f999ee19afc4a810b8c0ec3bcb81b4532
Instruction ID: e35929dceee19daa01b62819474421042ee557283e17c76ed6f382bbc315a2a0
Opcode Fuzzy Hash: 23267604f4cd3ff9823ae2fb2474bc0f999ee19afc4a810b8c0ec3bcb81b4532
Instruction Fuzzy Hash: 52528E3150C3468FCB15CF29C090BAABBE2BF88314F198A6DE89997351D774D989CF91

Function 00DC8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa32e300c221ec505ad461099766a27fda18e1de9ca3d0e2d2c3253e5d857cc
Instruction ID: b406640bfd58f255577289d4f4b7a9828d5e3dddfd25af333349f90dac213e40
Opcode Fuzzy Hash: 3fa32e300c221ec505ad461099766a27fda18e1de9ca3d0e2d2c3253e5d857cc
Instruction Fuzzy Hash: 64426775608302DFD708CF29D864B5ABBE1BF88315F09886CE4958B391D73AD989CF52

Function 00DC7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3aef99367f62e0916239a7ec480fcbf2c425f3c8f74b6cff9783156f1ac1e1
Instruction ID: 682afde593291bff4fa87a538811d480bcae48dc987c542a1e9ae9f60ef25777
Opcode Fuzzy Hash: 2d3aef99367f62e0916239a7ec480fcbf2c425f3c8f74b6cff9783156f1ac1e1
Instruction Fuzzy Hash: 9D322270514B128FC338CF29C690A6ABBF1BF45710B644A2ED6A787B90D736F845DB24

Function 00E089A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dbdfa1d188cee5dac74eb2d1a03db6f39b145ad7e051a61273dd6423ba92bf1
Instruction ID: 49b5ed7f064c709119d2aa2ec907f57d23f5b3854ba7370da35bcafc15e141ff
Opcode Fuzzy Hash: 5dbdfa1d188cee5dac74eb2d1a03db6f39b145ad7e051a61273dd6423ba92bf1
Instruction Fuzzy Hash: 2502AA75608341DFC704DF69E880A5AFBE1EF8A305F09896DE4C5A73A2C335D994CB92

Function 00E08A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b09cb520fa482fe2187d170f6b8695ad6850309dc2931c0ab487838b8b6ed0
Instruction ID: 1b370adddd0fad9b32791e7592811285fa1a94d72e2e9bfc7efda5683f366822
Opcode Fuzzy Hash: 39b09cb520fa482fe2187d170f6b8695ad6850309dc2931c0ab487838b8b6ed0
Instruction Fuzzy Hash: 80F19975608341DFC704DF69E88061EFBE1EB8A305F09892DE4D5A73A2D336D994CB92

Function 00E08C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fe7edb445e3a4d953b4a0c50d1276e90724058db9c60ee20196b467508a295
Instruction ID: 59154052ae41fe901dd70f474a2d49ec8fbc7ca26b387fd7f81dd406f12a0018
Opcode Fuzzy Hash: 06fe7edb445e3a4d953b4a0c50d1276e90724058db9c60ee20196b467508a295
Instruction Fuzzy Hash: FCE1CE71608341CFC304DF29E88066AF7E1FB8A315F09896CE4D5A73A2D736D994CB92

Function 00DCA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 449d3e3b3b8252f1b66b3dd0579fa63148d46b7c50640e654b3be69b418e9a60
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: EFF1AE756087468FC724CF29C881B6BFBE2AFD8304F08882DE5D987751E635E945CB62

Function 00E08E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96f805f51737196861e9a7401e01e8dc1ab7ea1cff67e74817448fdc409e027
Instruction ID: 9048a4fe23b3bb23a0f5464e37d17139be008ee7ada216a7f05fc9e7a2f99f00
Opcode Fuzzy Hash: d96f805f51737196861e9a7401e01e8dc1ab7ea1cff67e74817448fdc409e027
Instruction Fuzzy Hash: 48D1AD7460C341DFD304DF28D88062AFBE5EB8A305F09896CE4D5A73A2D736D894CB52

Function 00DD4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 515f411d889eda6d2bea7ccafef1002298822dd5b625610fd8824944a48d8c55
Instruction ID: e3b6c335bec70f7d8bae5bda2228cbd413e4374695d325d4aa8365536ddd8472
Opcode Fuzzy Hash: 515f411d889eda6d2bea7ccafef1002298822dd5b625610fd8824944a48d8c55
Instruction Fuzzy Hash: EDE1EFB5501B008FD325CF28D992B97BBE1FF06705F04886DE4AA87B52E735B854CB64

Function 00E07AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3770e32bb40515ffbd3339a9b3e74945c0541f5d8b7bb85699d3bc87feb8f3fb
Instruction ID: 9b96800cf05214d8342f6289636f3d02624de495c34ed7617a676cd153d64c70
Opcode Fuzzy Hash: 3770e32bb40515ffbd3339a9b3e74945c0541f5d8b7bb85699d3bc87feb8f3fb
Instruction Fuzzy Hash: 42B10372E0C3504BE314DA28CC85B6BB7E5EBC9314F08592DE9D9A73C2E635EC458792

Function 00DCAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: f06fdd4054acdd5a73c65a178bc88e9a1c64384b602e30df0752da83c53ad0e7
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 96C16D72A087418FC360CF68DC96BABB7E1BF85318F08492DD1D9C7242D778A155CB55

Function 00DD6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e87338b79f05808be7405af7b9e46e17797fdce59d24c362ed7b091b6cf30c8
Instruction ID: c6d071166e502fbc14e201d09e214b029ff8e90cfbae4ab50687018c3d471e80
Opcode Fuzzy Hash: 9e87338b79f05808be7405af7b9e46e17797fdce59d24c362ed7b091b6cf30c8
Instruction Fuzzy Hash: F7B101B4500B408BD3218F24D991B27BBF1EF46704F14885DE8AA8BB52E775F805CBA5

Function 00E07710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b08935a118c282fc72304cc26c24c860564e75f28854a84642366f889778da2c
Instruction ID: 0773af60519a37a1cf93b3aac05b71a9d9001a9e069b6590b138497e49aa8351
Opcode Fuzzy Hash: b08935a118c282fc72304cc26c24c860564e75f28854a84642366f889778da2c
Instruction Fuzzy Hash: 24919C71A08301ABE724DA14C881BABB7E5EB85354F54981DF8D4A73D1E730E980CBA2

Function 00E0A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b2a2d11eeee3030cf8ea178a244abd0a8536f7a1ea3670d7fe32b36db4626e
Instruction ID: 3c2fac61f101672be61f9385778b644146c205bcec72dec3a6d5d4b0af05f07d
Opcode Fuzzy Hash: 36b2a2d11eeee3030cf8ea178a244abd0a8536f7a1ea3670d7fe32b36db4626e
Instruction Fuzzy Hash: 4381AF352093058FD724DF28C880A2EB7F5EF99744F09992CE585A72A1E735EC90CB92

Function 00DF64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f469383aa6d5810bd951bb0e91feb85ddf6b8f257e7e7d4e1a9e0c0c39acf6e4
Instruction ID: 29aff09e280fe195417cacdf20ff36186a9a94cef0120110a1a2523466100d3b
Opcode Fuzzy Hash: f469383aa6d5810bd951bb0e91feb85ddf6b8f257e7e7d4e1a9e0c0c39acf6e4
Instruction Fuzzy Hash: FC71F833B29A944BC3149D7D5C423A5AA834BD6334B3EC379EAB4DB7E5D52ACC054360

Function 00DE28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201d44fc0b4f4551249a5ec965d10645ce295cf90cda2963c33e63c4b2f81287
Instruction ID: 3be052f6e75b6626dd8ba3056235cd6aac615a1e5ef9273bdb09017c6e0c69f3
Opcode Fuzzy Hash: 201d44fc0b4f4551249a5ec965d10645ce295cf90cda2963c33e63c4b2f81287
Instruction Fuzzy Hash: 1B6185B44183808BD310AF1AD891A2BBBF4EFA2750F18891CE5C59B261E379C910CB66

Function 00DE7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d2f76e5b7f3c5bdcdb04cb686bcf941df25667d92e80e18bac1f46ee3ccb4f
Instruction ID: 64aca48a65da143804daffc04343cc9aa6fbe140d8f5177aa98f7d007b7027c9
Opcode Fuzzy Hash: e4d2f76e5b7f3c5bdcdb04cb686bcf941df25667d92e80e18bac1f46ee3ccb4f
Instruction Fuzzy Hash: 2451DFB1608244ABDB60AB25CC82BB733B8EF85754F184958F98ACB290F375DC01C772

Function 00E8BBC5 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2ed4b01aa8f6854579ee2c9e6ee2d6ca7065adfa8bfada67c9a3d1005243455
Instruction ID: 335c58c0fdac78d3e38f38452ebce43e8f0a32be17cea9d5dbc59bb08fca98c9
Opcode Fuzzy Hash: a2ed4b01aa8f6854579ee2c9e6ee2d6ca7065adfa8bfada67c9a3d1005243455
Instruction Fuzzy Hash: 4771F2F3A096049BE304AF29ED4563AFBE6EFD4310F2B853DD9C583784E93958458683

Function 00DF1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 89c01d8a35b136786e4aff457a5f763ff2b85cc06f89c6802ad4b8dc21de88ab
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 2161F335609309EBD714CE2CC58033FBBE2ABC5350F6AC92DE6D98B251D270DD829B51

Function 00DF82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f26e280d693b4182bfc522a1277a245ad828a41758ed7d1eb76a066f63df2d3
Instruction ID: d91d40edb03b44d6466bed482047553165745388a92a2d2afaa6c5477c7dfde6
Opcode Fuzzy Hash: 8f26e280d693b4182bfc522a1277a245ad828a41758ed7d1eb76a066f63df2d3
Instruction Fuzzy Hash: 02613623A1A9954BC314453D5C453BAAA831BD2330F3FC3669AF18B3F4C96A88456363

Function 00DD42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9380e99406c829472902ed2e6853d4941f81242d92adfd12f182bd5b00d0c6
Instruction ID: 6a816037764de2a83e7e6777781d918d80ed623accdc0ab6fbc816a9ae5b96b8
Opcode Fuzzy Hash: 6a9380e99406c829472902ed2e6853d4941f81242d92adfd12f182bd5b00d0c6
Instruction Fuzzy Hash: 7081D1B4810B00AFD360EF39D947757BEF4AB06201F404A2EE4EA97695E7306459CBE3

Function 00DFE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: ac7f955f5524475a75a535f14da0efdd8a9f451607a17c3360dbcbcc2e09e5a6
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 5E516CB15083548FE314DF69D49436BBBE1BBC5318F054E2DE5E987390E379DA088B92

Function 00F4BDF5 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc97a69fbb122edd2bf65f43a298ee75780dca9d021634a2ce09a123b75be962
Instruction ID: f7659571934ccb414e601fae83dde45e80a63c92b4b49ef3647c3b78135cf4ea
Opcode Fuzzy Hash: bc97a69fbb122edd2bf65f43a298ee75780dca9d021634a2ce09a123b75be962
Instruction Fuzzy Hash: C551A7F3E182241BE308586CDC8977A76C9DB84360F2A423DEF59E3B84E8B95C0602D5

Function 00F0498F Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721b6944db6b8b71aee7406f2056e314470af7328f6a0457c6d872896d82b51c
Instruction ID: 86137ba0626f0fcf1fe4ad36eb0919b995558302d3ffa017680e062bd62fb97d
Opcode Fuzzy Hash: 721b6944db6b8b71aee7406f2056e314470af7328f6a0457c6d872896d82b51c
Instruction Fuzzy Hash: 575115F3A092106FE305AA2DEC817AAB6D6DBD8321F1B863DE3C4D3744E975580186C6

Function 00E07520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0c58e278b48ce66ce2a58aae16e6550936b432be88ab7c5aede0d23a7aee892
Instruction ID: 8fafbf57b15a3a9d4827efe065818254acda6f0cfbe6cad6590966d3822722d1
Opcode Fuzzy Hash: f0c58e278b48ce66ce2a58aae16e6550936b432be88ab7c5aede0d23a7aee892
Instruction Fuzzy Hash: 8A512831A0C2009FC7159E18DC90B2EB7E6FB85358F289A2CE8D5673D1C632FC548B91

Function 00DC5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddf71c99375e2a0c5a22bb08e974e9f430cc48aa889155d42b95e55b43c4b6f4
Instruction ID: 252e7055d7124e8408ec5288f12471bdb999b53bd78dd77da5b68beebde9fe6d
Opcode Fuzzy Hash: ddf71c99375e2a0c5a22bb08e974e9f430cc48aa889155d42b95e55b43c4b6f4
Instruction Fuzzy Hash: 6451D575A047069FC714DF14E890E26B7A1FF85324F19466CF89A8B356D631FC82CBA2

Function 00DEEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe15f8d15312c2e872a17c32fc37ffaa951a8b437a2bdd1a0638e97627c840fa
Instruction ID: 379d0fc568e6a90f88e44e118fb71d18e3dd4ba3c7798b0ae62583b4e3e2315e
Opcode Fuzzy Hash: fe15f8d15312c2e872a17c32fc37ffaa951a8b437a2bdd1a0638e97627c840fa
Instruction Fuzzy Hash: D3419E7490035ADFDF209F55DC91BA9B7B0FF0A300F184548E945BB3A1EB39A951CBA1

Function 00E09B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1e50e3218725e86deb6f178aa1eadc61a481a47c5673e4bed3533ad9eae4b5
Instruction ID: 976a0df511d8bba08509cc12c77d410476d92a9469717cdf5b6d03889288f57d
Opcode Fuzzy Hash: 3d1e50e3218725e86deb6f178aa1eadc61a481a47c5673e4bed3533ad9eae4b5
Instruction Fuzzy Hash: FE418B34608300AFE7109F15D9D1B2BF7E6EB85714F28982CF589A7293D371E881CB66

Function 00DD2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03de9c28665806a0ca3ecfddd6ebe3473e33d182c68f6d420d53ba50e7e8c608
Instruction ID: ee073663f0ee71e4ececad890426d3ef51380a3ef10c7420d9254d0e77068e4e
Opcode Fuzzy Hash: 03de9c28665806a0ca3ecfddd6ebe3473e33d182c68f6d420d53ba50e7e8c608
Instruction Fuzzy Hash: FB41F632A083654FD35CCF29889023ABBE2ABD5300F19C62FE4E6873D0DA748945D791

Function 00DD1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea87ae65e691d14c5687e8d5e426a9ca7c5437e7b6719baf7386ab04a9ee343
Instruction ID: c353068669f0b7f180b582947e8882db16ea2ab3f64d8d6f5211407fa64ed811
Opcode Fuzzy Hash: 6ea87ae65e691d14c5687e8d5e426a9ca7c5437e7b6719baf7386ab04a9ee343
Instruction Fuzzy Hash: 9E410F7550C380ABC320AB59C884B2EFBF5FB96354F14491DF6C497392C37AE8148B66

Function 00E08D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab27703c5d467d94743f671c359bebc12c28252b097d1b9d34360bd2672b935a
Instruction ID: 7becc71af1b118b88c7c8aa416b8c94465dc5b271d84bb3ad12e980cfeafacde
Opcode Fuzzy Hash: ab27703c5d467d94743f671c359bebc12c28252b097d1b9d34360bd2672b935a
Instruction Fuzzy Hash: DD41EF3160C3508FC304DF68C59052EFBEAAF99304F099A2DD4D5E72A1CB74DD458B82

Function 00DDD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7bb8aed00f1077b7d69415cb4f3e1a98e6db58c31249354910995e35a5e9aa9
Instruction ID: ce642ea9ae628a3fba1d6061f9bc195beb3475f1eee6eaf66df89e7b6beeab2c
Opcode Fuzzy Hash: b7bb8aed00f1077b7d69415cb4f3e1a98e6db58c31249354910995e35a5e9aa9
Instruction Fuzzy Hash: 5841DCB16483818BD7309F14C885BABB3B1FFA6360F08495DE48A8B792E7754841CB63

Function 00E46699 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448ab2713c5873b3ff2161e2dfd1c224426e4b2a3c3874455f192896107fcb48
Instruction ID: 01614c00ce8986b28f858df1b02d1c4416a5f0cb9b86a2cf01e59508f4ec069a
Opcode Fuzzy Hash: 448ab2713c5873b3ff2161e2dfd1c224426e4b2a3c3874455f192896107fcb48
Instruction Fuzzy Hash: B13147F751C6084BE304BA2DEC81376BAD5DFA4220F1A862DC6C4C3784F93659064286

Function 00DFF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 9a07b7929f1da603e135d972f15658b4df0f12cee2e2fb8bc52ccd350a5aa6e9
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: AB21F5329082284BC3249B5DC48163BF7E5EF99704F0BC62EEAC4A7295E7359C1487E5

Function 00E067EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93808a5aaf19148b84a046c149eecf795622627fba3455cfd4db2237ec527c84
Instruction ID: 5fe931911ec8f18228f3c93b63872031368796b1fcb4620eee269243bd25bb8c
Opcode Fuzzy Hash: 93808a5aaf19148b84a046c149eecf795622627fba3455cfd4db2237ec527c84
Instruction Fuzzy Hash: 9131287051C3829AD714CF14C49062FBBF0EF96788F54A80DF4C8AB2A1D338D995CB9A

Function 00DE5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc84e163ab83865e75510dd5a5700e8a905ace9f0b14828f0b84980899b52afd
Instruction ID: 4214050a33ba819ec30568d02d7a7b2c402833e9361b19735e744655eabf57e4
Opcode Fuzzy Hash: cc84e163ab83865e75510dd5a5700e8a905ace9f0b14828f0b84980899b52afd
Instruction Fuzzy Hash: 1D21B071508641DBC310AF29D85192BB7F4EF927A8F48890CF4D99B296E335CA00CBB3

Function 00DC49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 691ee77285e25e0563fffdc58b559d64e038de964c48ab0f8cecd434d0234cd4
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 0431E5316582129BD7109E58D8A0F2BB7E1EF8435CF1C892CE8DACB241D631DC42CB66

Function 00E064B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a90cc5a2adc9742809724f4245c02b7ea3030d719a69c5c6f9e604ca310d3032
Instruction ID: 7d7225517656908c709da7091a03176f7272281bcd173ba94d21c92f12813081
Opcode Fuzzy Hash: a90cc5a2adc9742809724f4245c02b7ea3030d719a69c5c6f9e604ca310d3032
Instruction Fuzzy Hash: D421397050C241DFD705EF19D480A2EFBE6FBD5745F18981CE4D4A72A1C335A8A4CB62

Function 0102CC2B Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7eb8900b0389b7333d03797887fc2f0391aa479db45263a709835c4d06a8c2
Instruction ID: 07cdad5b324c42492fe6f89acd15ac9298a1572cc35580bf11380ad2d402b467
Opcode Fuzzy Hash: 4b7eb8900b0389b7333d03797887fc2f0391aa479db45263a709835c4d06a8c2
Instruction Fuzzy Hash: A62136B250C304DFE318BF29E88566AFBE5EF98310F16492CE6D583740EA3168149A5B

Function 00DD0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc32c811787c168b784adfe4735afd958e23a7ff42e0dcf38e7738205677bb7d
Instruction ID: 65529d002218870ba4d7fe7734db2f1fef03233ca364480bbce5b2ded813532e
Opcode Fuzzy Hash: fc32c811787c168b784adfe4735afd958e23a7ff42e0dcf38e7738205677bb7d
Instruction Fuzzy Hash: E6211AB490022A9FDB15CFA4CC90BBEBBB5FF4A304F244859E511BB392C735A915CB64

Function 00E05700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af1e124fd29c3f78bf32ddf0079fe58dab921ebb25457811319623a1afa8c1ff
Instruction ID: c13f0e3eb89b54967b239992a451125d9e3a2e0da1ba68bd857bde851939195e
Opcode Fuzzy Hash: af1e124fd29c3f78bf32ddf0079fe58dab921ebb25457811319623a1afa8c1ff
Instruction Fuzzy Hash: 5C11A07191C240EBD301AF28E844A5BBBF5EF9A710F09982CE4C4AB2A1D335D854CB93

Function 00DFB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: ed80b973b79cefbd783b16d3ce97690cbfec434ce1b322bd5e620c77e7a9d4d6
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 8611C633A051D90EC3168D3CC840575BFE31AA7234B5E839AE4B4DF2D2D7228D8A8364

Function 00DF0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: a9427f7de36a7955d78aca04086845ccdf053e3d3706127c9c93383d5b10bb92
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: D901B1F1A1030647E7209F5198D0B3BB6A8AF80718F1EC52CEB0A87203DB71EC06C6B1

Function 00DED1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249097f3f12a7c455d3810d381c10f59422490d36205a79b1d610283034bdf2b
Instruction ID: 32cb50d8f14137ade2c65988719aa55de90877002f41bf10c2bfa20f3b325881
Opcode Fuzzy Hash: 249097f3f12a7c455d3810d381c10f59422490d36205a79b1d610283034bdf2b
Instruction Fuzzy Hash: 2C11EFB0408380AFD310AF618584A2FFBE5EB96754F148C0DF6A49B251C775D819CF56

Function 00DC6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cc6706f463f0b109606aa8830d0b2d63e9db7dce3aba0d5cee1c63ff0ea17b2
Instruction ID: 113c059465dde88afa61f3cbb2375abdaa60af41a7f2fb16077b5ab78f0a755a
Opcode Fuzzy Hash: 5cc6706f463f0b109606aa8830d0b2d63e9db7dce3aba0d5cee1c63ff0ea17b2
Instruction Fuzzy Hash: 18F0B43A71921A0FA610CDABA8C4D3BF396DBD9355B18553DEA41D3201DDB2E80691A0

Function 00DFB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00DDC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00DDB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 2da602897fc45d4e38a343457b6495e038043e133177002b418e552af01cb61c
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 12F0A7B160451497DB22CA589C80B3BBBDCCB9636CF1A0427E84557303D2615845C3F5

Function 00DF8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76276a7cdd457cad1e221d31b524aea345124b6d898382e3406636164696b46d
Instruction ID: e9ca87a704c7872f2de750e1995c73485a853d6111d9e40dd18641337849e322
Opcode Fuzzy Hash: 76276a7cdd457cad1e221d31b524aea345124b6d898382e3406636164696b46d
Instruction Fuzzy Hash: B201E4B04147009FD360EF29C886757BBE8EB48714F104A1DE8AECB680D771A588CB82

Function 00E01440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: cb58f98ce8386ee577bc0eca1e4dacdd9145138d3bce9fc60f2e59eaf909ae28
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 7DD0A73160832246DF748E19A400977F7F0EAC7B55F49A59EF596F7198D230DC81C2A9

Function 00DD1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c923a3e63067f13786ed4311e166813969a655e0e2e4208862e690b43f741e
Instruction ID: 18f72016a1e8f4dd568d244cb8a9569821e00544aede9055ac2b943a2a588712
Opcode Fuzzy Hash: 76c923a3e63067f13786ed4311e166813969a655e0e2e4208862e690b43f741e
Instruction Fuzzy Hash: 08C08C38A181008FC204CF02FCD5576B3B8E307308700B03AEE23F3B61CA20D82E8909

Function 00E06094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf6c3a03d97dc47049396e63acc452432c8f8c10c2e684140bd779dd447b9bf9
Instruction ID: e04c48dfd2c906a07031f3458803a779de968e136da2afb293cc21448eaca3e4
Opcode Fuzzy Hash: cf6c3a03d97dc47049396e63acc452432c8f8c10c2e684140bd779dd447b9bf9
Instruction Fuzzy Hash: CBC04C3465C0008A9508CE1599518B5E2A69B97754724F019C84733295D128D916991C

Function 00DD1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4879dfc5fc77f0fb1d7c651d31a645ec7b1997dd72a90dc7636cc1e6b3d54e
Instruction ID: 88bf5e366009fdf20ece2ff01f847d511de0f1be28f811b153dccef3ca4bf0af
Opcode Fuzzy Hash: 7c4879dfc5fc77f0fb1d7c651d31a645ec7b1997dd72a90dc7636cc1e6b3d54e
Instruction Fuzzy Hash: C6C04C34A591408EC654CE86A8D1531A2A99306208710303ADA52F7661C561D4598509

Function 00E05FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2210368566.0000000000DC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DC0000, based on PE: true

Associated: 00000000.00000002.2210351435.0000000000DC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210403855.0000000000E20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210421676.0000000000E2C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210513629.0000000000F89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210527997.0000000000F8C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210543584.0000000000FA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210573849.0000000000FC3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210586168.0000000000FC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210601968.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210613913.0000000000FDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210626937.0000000000FE3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210640001.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210662096.0000000001013000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210677318.0000000001014000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210692648.0000000001015000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210707471.000000000101B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210719241.000000000101C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210733050.0000000001020000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210747016.000000000102A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210759534.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210771925.000000000102E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210784136.000000000102F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210796771.0000000001036000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210810110.000000000103B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210822672.000000000103C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210835376.000000000103F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210847462.0000000001047000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210860579.0000000001048000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210874740.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210889113.0000000001057000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210904929.0000000001064000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001068000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210920697.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210956433.0000000001099000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210970825.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2210985522.00000000010B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211000186.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211013131.00000000010B8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211044095.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211059728.00000000010C8000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dc0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34f033e9bbad96eee5e61f7792e612d166a3dfd4d8e11434a99aa40dfd0a369
Instruction ID: 93850a4ed23bbf818cbc4698310632d2761942b3cb2b9ab9d0c699f25b6e1f28
Opcode Fuzzy Hash: f34f033e9bbad96eee5e61f7792e612d166a3dfd4d8e11434a99aa40dfd0a369
Instruction Fuzzy Hash: 4AC09234B6C0008FA64CCF2ADD51DB5F2FA9B8BB18B14F02DC807B3256E138D91A860C

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00DCFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00DCD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00E05BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00E0695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00DD049B Relevance: .3, Instructions: 264
COMMON

Function 00DD0228 Relevance: .2, Instructions: 218
COMMON

Function 00E099D0 Relevance: .1, Instructions: 143
COMMON

Function 00E03220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00E03202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON