Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1542005
MD5:	896418905011db3776f73ad7fa70a8be
SHA1:	0f5bfde63012a1311ee8f6363d5d6d50899db759
SHA256:	63375a7cf3fbf5b233ac070617e238c90135c66459f1c19a31af356a721b1ed9
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 3664 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 896418905011DB3776F73AD7FA70A8BE)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.site", "mobbipenju.store", "spirittunek.store", "dissapoiznw.store", "studennotediw.store", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site"], "Build id": "NvF--"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.756517+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.6	62685	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.692511+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.6	63447	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.731020+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.6	52235	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.718511+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.6	55253	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.780319+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.6	53514	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.706985+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.6	64181	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.768203+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.6	56895	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:19.744776+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.6	65395	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T12:33:21.530443+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49721	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.3664.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "mobbipenju.store", "spirittunek.store", "dissapoiznw.store", "studennotediw.store", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site"], "Build id": "NvF--"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49721 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A450FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A0D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A0D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00A463B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A45700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00A499D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00A4695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00A0FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00A10EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A46094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00A16F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00A3F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00A01000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00A44040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00A2D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A142FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00A22260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00A22260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00A0A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00A464B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00A2E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00A1B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00A2C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00A41440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A1D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00A08590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00A47520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A16536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A29510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00A2E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00A3B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00A2D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00A467EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00A47710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00A228E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00A049A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00A43920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00A1D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A11ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A11A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00A44A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00A05A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00A30B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A13BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00A11BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00A49B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00A1DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00A1DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A2AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00A2AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A49CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00A49CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00A2CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A2CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00A2CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00A3FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00A27C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00A2EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A48D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00A2DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00A2FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00A06EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00A0BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00A16EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00A11E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00A14E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A27E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A25E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00A2AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00A16F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00A47FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A47FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A08FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A45FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00A1FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A29F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A3FF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:64181 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:55253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:65395 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:56895 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:52235 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:62685 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:53514 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:63447 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49721 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: clearancek.site

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://r equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2289952024.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=348a2921c885650f223f8570; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35741Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 10:33:21 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: eampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; o equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: re.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.y]{ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0s
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2292734958.0000000001527000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306756979.0000000001527000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.s
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dL
Source: file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.clo
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apiiH
Source: file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.st
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store:443/api
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.y
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/DI
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/LIjb7
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/TIbb6
Source: file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiN=pc
Source: file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiW
Source: file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/apii
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.ne
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.0000000001504000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2306587147.0000000001504000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2289952024.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
Source: file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49721 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A10228	0_2_00A10228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4A0D0	0_2_00A4A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B690C0	0_2_00B690C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12030	0_2_00A12030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A01000	0_2_00A01000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A44040	0_2_00A44040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E1A0	0_2_00A0E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A071F0	0_2_00A071F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132	0_2_00BDE132
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A05160	0_2_00A05160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A012F7	0_2_00A012F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A382D0	0_2_00A382D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A312D0	0_2_00A312D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD323F	0_2_00BD323F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0B3A0	0_2_00A0B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A013A3	0_2_00A013A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A323E0	0_2_00A323E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A300	0_2_00A0A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD1306	0_2_00BD1306
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3A377	0_2_00B3A377
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B034AD	0_2_00B034AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14487	0_2_00A14487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1049B	0_2_00A1049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A364F0	0_2_00A364F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A4E0	0_2_00B4A4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2C470	0_2_00A2C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A035B0	0_2_00A035B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A08590	0_2_00A08590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1C5F0	0_2_00A1C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE55EA	0_2_00BE55EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A486F0	0_2_00A486F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3F620	0_2_00A3F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0164F	0_2_00A0164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48652	0_2_00A48652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCF73C	0_2_00BCF73C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E8A0	0_2_00A3E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B898F6	0_2_00B898F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3B8C0	0_2_00A3B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A31860	0_2_00A31860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A850	0_2_00A0A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A489A0	0_2_00A489A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2098B	0_2_00A2098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B319DF	0_2_00B319DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD494D	0_2_00BD494D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A47AB0	0_2_00A47AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48A80	0_2_00A48A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE3A8F	0_2_00BE3A8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD9AD4	0_2_00BD9AD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDEA0D	0_2_00BDEA0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A44A40	0_2_00A44A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A07BF0	0_2_00A07BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1DB6F	0_2_00A1DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A46CBF	0_2_00A46CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2CCD0	0_2_00A2CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48C02	0_2_00A48C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCDF5	0_2_00ABCDF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6DDA	0_2_00AF6DDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2DD29	0_2_00A2DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2FD10	0_2_00A2FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A28D62	0_2_00A28D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0D5F	0_2_00BE0D5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0BEB0	0_2_00A0BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A16EBF	0_2_00A16EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14E2A	0_2_00A14E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48E70	0_2_00A48E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2AE57	0_2_00A2AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A47FC0	0_2_00A47FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A08FD0	0_2_00A08FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE1F29	0_2_00BE1F29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3F07	0_2_00AF3F07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0AF10	0_2_00A0AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD7F71	0_2_00BD7F71

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A1D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A0CAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9994585396039604

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A38220 CoCreateInstance,

0_2_00A38220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 3006976 > 1048576

Source: file.exe

Static PE information: Raw size of laydecdw is bigger than: 0x100000 < 0x2b4c00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a00000.0.unpack :EW;.rsrc :W;.idata :W;laydecdw:EW;esyilstb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;laydecdw:EW;esyilstb:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2e5ba1 should be: 0x2e98a3

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: laydecdw
Source: file.exe	Static PE information: section name: esyilstb
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B690C0 push edx; mov dword ptr [esp], 7F6F0282h	0_2_00B691E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B690C0 push eax; mov dword ptr [esp], 503C01AAh	0_2_00B69314
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B690C0 push eax; mov dword ptr [esp], 0CBF7816h	0_2_00B69329
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15051 push eax; mov dword ptr [esp], 2B374A0Bh	0_2_00D150CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15051 push edi; mov dword ptr [esp], 5EF95A7Ch	0_2_00D150EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15051 push edi; mov dword ptr [esp], 7777C5D7h	0_2_00D1511A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15051 push eax; mov dword ptr [esp], 3CC94EC2h	0_2_00D15137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15051 push 7A1129EAh; mov dword ptr [esp], eax	0_2_00D15167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0605F push eax; mov dword ptr [esp], 7777B729h	0_2_00C060A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A006 push ebx; mov dword ptr [esp], 2CA4D4BEh	0_2_00A68CC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A006 push edi; mov dword ptr [esp], eax	0_2_00A6A045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A006 push esi; mov dword ptr [esp], 0E0DA0D4h	0_2_00A6A20E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C531FE push 2B87A050h; mov dword ptr [esp], ebp	0_2_00C53261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15191 push ebp; mov dword ptr [esp], 6C4C974Ah	0_2_00D15192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15191 push 6B034AF3h; mov dword ptr [esp], ebx	0_2_00D151C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15191 push ecx; mov dword ptr [esp], 7EFF6961h	0_2_00D151E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15191 push esi; mov dword ptr [esp], ebx	0_2_00D152D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15191 push ebx; mov dword ptr [esp], edi	0_2_00D152E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4180 push ecx; mov dword ptr [esp], esi	0_2_00CD4184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132 push eax; mov dword ptr [esp], esi	0_2_00BDE13C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132 push ebp; mov dword ptr [esp], ecx	0_2_00BDE1EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132 push 0850532Ah; mov dword ptr [esp], ebx	0_2_00BDE222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132 push 06BEE955h; mov dword ptr [esp], ebp	0_2_00BDE267
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE132 push eax; mov dword ptr [esp], 410383C4h	0_2_00BDE2C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C94157 push 2FFC1200h; mov dword ptr [esp], ebx	0_2_00C9471D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC42C6 push ecx; mov dword ptr [esp], 46194A7Dh	0_2_00CC430A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C972F6 push 1D639AEAh; mov dword ptr [esp], ebx	0_2_00C97341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C90280 push 622368C6h; mov dword ptr [esp], edi	0_2_00C902DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0281 push ebp; mov dword ptr [esp], eax	0_2_00CC02C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEA2D5 push 43204283h; mov dword ptr [esp], ebp	0_2_00BEA30D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD323F push edi; mov dword ptr [esp], ebp	0_2_00BD325A

Source: file.exe

Static PE information: section name: entropy: 7.97403648784397

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA656 second address: BEA65F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA65F second address: BEA66C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC5A2 second address: BEC61D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF900E20CCCh 0x00000008 jnl 00007FF900E20CC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xor dword ptr [esp], 28141156h 0x00000017 mov dl, B7h 0x00000019 push 00000003h 0x0000001b mov dword ptr [ebp+122D32A1h], edi 0x00000021 and dx, DCDCh 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007FF900E20CC8h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 or esi, dword ptr [ebp+122D2EC5h] 0x00000048 mov dword ptr [ebp+122D207Ah], ecx 0x0000004e push 00000003h 0x00000050 and edi, dword ptr [ebp+122D2E91h] 0x00000056 cld 0x00000057 push E1A183EAh 0x0000005c push ecx 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FF900E20CD4h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC78A second address: BEC825 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov dword ptr [ebp+122D3761h], esi 0x0000000f push 00000003h 0x00000011 mov dword ptr [ebp+122D1C6Eh], eax 0x00000017 or dword ptr [ebp+122D1D7Dh], eax 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007FF9011B7458h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 0000001Ch 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 mov dl, cl 0x0000003b push 00000003h 0x0000003d mov dword ptr [ebp+122D1D67h], edx 0x00000043 push 8B1A6461h 0x00000048 jmp 00007FF9011B7465h 0x0000004d xor dword ptr [esp], 4B1A6461h 0x00000054 call 00007FF9011B745Bh 0x00000059 mov cx, ax 0x0000005c pop edi 0x0000005d lea ebx, dword ptr [ebp+1245C496h] 0x00000063 push edx 0x00000064 mov edi, dword ptr [ebp+122D1DD6h] 0x0000006a pop esi 0x0000006b ja 00007FF9011B745Bh 0x00000071 push eax 0x00000072 pushad 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DE70 second address: C0DE9C instructions: 0x00000000 rdtsc 0x00000002 je 00007FF900E20CD2h 0x00000008 jne 00007FF900E20CC6h 0x0000000e jnp 00007FF900E20CC6h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 jmp 00007FF900E20CD1h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DE9C second address: C0DEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FF9011B7467h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DEB8 second address: C0DECC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF900E20CCCh 0x00000008 jnl 00007FF900E20CC6h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0BDB7 second address: C0BDBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0BDBB second address: C0BDC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0BDC1 second address: C0BDCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF9011B7456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C0A9 second address: C0C0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C0B1 second address: C0C0B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C0B6 second address: C0C0C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FF900E20CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C0C2 second address: C0C0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C1FA second address: C0C251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FF900E20CD2h 0x0000000b jne 00007FF900E20CC6h 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007FF900E20CD0h 0x0000001b jmp 00007FF900E20CD1h 0x00000020 popad 0x00000021 jng 00007FF900E20CD2h 0x00000027 jmp 00007FF900E20CCCh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C884 second address: C0C889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0C9AF second address: C0C9CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CE1A second address: C0CE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CE1F second address: C0CE42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007FF900E20CC6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF900E20CD5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CE42 second address: C0CE46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CE46 second address: C0CE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CE4C second address: C0CE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF9011B7468h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02DD8 second address: C02E07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 js 00007FF900E20CC6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007FF900E20CD9h 0x00000014 pop edx 0x00000015 pushad 0x00000016 push edx 0x00000017 pop edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02E07 second address: C02E1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF9011B7463h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD5ED5 second address: BD5EDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0D8F4 second address: C0D907 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0D907 second address: C0D915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FF900E20CD2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0D915 second address: C0D91B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DCE0 second address: C0DCE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DCE4 second address: C0DD0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Dh 0x00000007 jmp 00007FF9011B7465h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DD0A second address: C0DD12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DD12 second address: C0DD50 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF9011B7464h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jbe 00007FF9011B7456h 0x00000015 jmp 00007FF9011B745Fh 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f jo 00007FF9011B7456h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10E1F second address: C10E4B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FF900E20CCCh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF900E20CD5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10E4B second address: C10E55 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10E55 second address: C10E8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FF900E20CD7h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10E8B second address: C10E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10E8F second address: C10EB2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF900E20CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007FF900E20CC6h 0x00000013 popad 0x00000014 popad 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push ecx 0x0000001a pushad 0x0000001b jo 00007FF900E20CC6h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0FEB9 second address: C0FEBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10F64 second address: C10F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FF900E20CDDh 0x00000011 jmp 00007FF900E20CD7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1111D second address: C1112B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1593A second address: C15940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A594 second address: C1A59A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF229 second address: BCF23F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF900E20CCCh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19A82 second address: C19A88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19BB1 second address: C19BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF900E20CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FF900E20CC6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19BC5 second address: C19BE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF9011B7468h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19BE5 second address: C19BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19BEB second address: C19BF8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19D23 second address: C19D3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CD5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19E94 second address: C19E98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19E98 second address: C19E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19E9C second address: C19EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19EA8 second address: C19EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF900E20CC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19EB2 second address: C19EC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19EC5 second address: C19ED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CCAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A3F2 second address: C1A3F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A3F7 second address: C1A402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FF900E20CC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A402 second address: C1A41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF9011B7456h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF9011B745Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A41E second address: C1A422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A422 second address: C1A444 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF9011B7460h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jbe 00007FF9011B7483h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A444 second address: C1A459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF900E20CD1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C2D2 second address: C1C30C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b jp 00007FF9011B7456h 0x00000011 pop ecx 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007FF9011B7463h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 jg 00007FF9011B745Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C30C second address: C1C38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jp 00007FF900E20CD0h 0x00000013 pop eax 0x00000014 mov edi, dword ptr [ebp+122D2B75h] 0x0000001a call 00007FF900E20CC9h 0x0000001f jmp 00007FF900E20CCDh 0x00000024 push eax 0x00000025 pushad 0x00000026 pushad 0x00000027 jp 00007FF900E20CC6h 0x0000002d jg 00007FF900E20CC6h 0x00000033 popad 0x00000034 jno 00007FF900E20CCCh 0x0000003a popad 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f pushad 0x00000040 jmp 00007FF900E20CD6h 0x00000045 pushad 0x00000046 push edx 0x00000047 pop edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9AD second address: C1C9C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7463h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C9C4 second address: C1C9E1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF900E20CCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jg 00007FF900E20CC6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF92 second address: C1CF96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF96 second address: C1CF9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D147 second address: C1D159 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FF9011B7458h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D3C3 second address: C1D3C9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D8E0 second address: C1D8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1E263 second address: C1E267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FF54 second address: C1FF66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FCA4 second address: C1FCCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF900E20CD8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FCCE second address: C1FCD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF9011B7456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C20A1E second address: C20A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C214C7 second address: C21549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF9011B7463h 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e jg 00007FF9011B7458h 0x00000014 pop ecx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FF9011B7458h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jc 00007FF9011B745Ah 0x00000036 mov si, 8938h 0x0000003a mov dword ptr [ebp+122D2000h], ebx 0x00000040 push 00000000h 0x00000042 jmp 00007FF9011B7468h 0x00000047 push 00000000h 0x00000049 and di, 06BEh 0x0000004e push eax 0x0000004f jo 00007FF9011B7479h 0x00000055 push eax 0x00000056 push edx 0x00000057 jo 00007FF9011B7456h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21F96 second address: C21FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007FF900E20CC8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21FA7 second address: C21FAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21FAD second address: C21FDF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov esi, dword ptr [ebp+122D5CEEh] 0x0000000f push 00000000h 0x00000011 mov esi, 7826ED76h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 pop esi 0x0000001a xchg eax, ebx 0x0000001b jmp 00007FF900E20CD1h 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21FDF second address: C21FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21FE4 second address: C21FEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF900E20CC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22ACD second address: C22AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2331A second address: C23336 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23336 second address: C2333A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25420 second address: C25431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2333A second address: C2334F instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007FF9011B7456h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25431 second address: C25496 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF900E20CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FF900E20CC8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov edi, eax 0x00000029 mov dword ptr [ebp+122D32A1h], ecx 0x0000002f push 00000000h 0x00000031 mov ebx, 16E301E0h 0x00000036 mov bx, dx 0x00000039 push 00000000h 0x0000003b jmp 00007FF900E20CD7h 0x00000040 mov di, 08C8h 0x00000044 xchg eax, esi 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jl 00007FF900E20CC6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25496 second address: C254A0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C254A0 second address: C254B6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF900E20CCCh 0x00000008 jl 00007FF900E20CC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C254B6 second address: C254BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C254BA second address: C254D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF900E20CD7h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26552 second address: C26571 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7464h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26571 second address: C2657B instructions: 0x00000000 rdtsc 0x00000002 js 00007FF900E20CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2562F second address: C25634 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2657B second address: C26585 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF900E20CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2768A second address: C27690 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26750 second address: C26755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27690 second address: C27694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26755 second address: C267EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF900E20CD5h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FF900E20CD4h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007FF900E20CC8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov dword ptr [ebp+122D3795h], ebx 0x00000034 push dword ptr fs:[00000000h] 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov dword ptr [ebp+122D1E21h], eax 0x00000048 js 00007FF900E20CCCh 0x0000004e add dword ptr [ebp+122D21DCh], ecx 0x00000054 mov eax, dword ptr [ebp+122D0FC1h] 0x0000005a push FFFFFFFFh 0x0000005c sub edi, dword ptr [ebp+122D2C65h] 0x00000062 nop 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 jbe 00007FF900E20CC6h 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C267EA second address: C267EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27875 second address: C2787A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C267EF second address: C267F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF9011B7456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29696 second address: C2969C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C28949 second address: C289E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7464h 0x00000009 popad 0x0000000a nop 0x0000000b jno 00007FF9011B745Ch 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007FF9011B7458h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 movzx edi, bx 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c mov eax, dword ptr [ebp+122D126Dh] 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FF9011B7458h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c add edi, dword ptr [ebp+122D2059h] 0x00000062 push FFFFFFFFh 0x00000064 sub dword ptr [ebp+122D382Dh], eax 0x0000006a nop 0x0000006b pushad 0x0000006c pushad 0x0000006d pushad 0x0000006e popad 0x0000006f pushad 0x00000070 popad 0x00000071 popad 0x00000072 push eax 0x00000073 push edx 0x00000074 pushad 0x00000075 popad 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C267F9 second address: C26810 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FF900E20CCCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C289E3 second address: C289E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29751 second address: C2975C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF900E20CC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C289E7 second address: C289FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a jo 00007FF9011B7456h 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2975C second address: C29762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C289FC second address: C28A00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29762 second address: C29766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29766 second address: C29777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29777 second address: C2977C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B807 second address: C2B80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B80B second address: C2B815 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF900E20CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C6BB second address: C2C6C5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D761 second address: C2D765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D765 second address: C2D786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FF9011B745Bh 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jp 00007FF9011B7456h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C876 second address: C2C87A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D786 second address: C2D7DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ecx 0x00000009 popad 0x0000000a nop 0x0000000b jns 00007FF9011B7458h 0x00000011 push 00000000h 0x00000013 and di, 7922h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007FF9011B7458h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 mov edi, 23B2A047h 0x00000039 xchg eax, esi 0x0000003a jo 00007FF9011B745Eh 0x00000040 push edx 0x00000041 jne 00007FF9011B7456h 0x00000047 pop edx 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D7DD second address: C2D7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D7E1 second address: C2D7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D7E5 second address: C2D7EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E87B second address: C2E87F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E87F second address: C2E889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E889 second address: C2E88D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F743 second address: C2F758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FF900E20CC6h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F758 second address: C2F767 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F767 second address: C2F7C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007FF900E20CC8h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D5C70h], esi 0x0000002a push 00000000h 0x0000002c add edi, 595E7147h 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+122D2F1Ch], ebx 0x0000003a push eax 0x0000003b pushad 0x0000003c jmp 00007FF900E20CCEh 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F7C9 second address: C2F7CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C306A3 second address: C306A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C306A7 second address: C306AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C306AB second address: C306B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C306B1 second address: C306C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF9011B745Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C318E2 second address: C318E7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3386B second address: C338D9 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007FF9011B7463h 0x00000013 push 00000000h 0x00000015 pushad 0x00000016 mov ecx, dword ptr [ebp+124599FBh] 0x0000001c pushad 0x0000001d mov dword ptr [ebp+1246D1B7h], esi 0x00000023 mov ebx, dword ptr [ebp+122D2E2Dh] 0x00000029 popad 0x0000002a popad 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007FF9011B7458h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 0000001Ch 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 xor di, 7A6Ah 0x0000004c xchg eax, esi 0x0000004d pushad 0x0000004e jc 00007FF9011B745Ch 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C338D9 second address: C338EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FF900E20CCCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C32994 second address: C329BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jns 00007FF9011B7460h 0x00000014 jc 00007FF9011B745Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34A07 second address: C34A21 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b jmp 00007FF900E20CCAh 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3EAFE second address: C3EB07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1A9D second address: BE1AA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1AA3 second address: BE1AA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1AA8 second address: BE1AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E1EB second address: C3E20A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7469h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E5DB second address: C3E607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FF900E20CD0h 0x0000000b jmp 00007FF900E20CD6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42CBF second address: C42CC9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42CC9 second address: C42CD7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42CD7 second address: C42CF0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 je 00007FF9011B7456h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42CF0 second address: C42D07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42D07 second address: C42D3E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FF9011B7460h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007FF9011B7466h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42E2F second address: C42E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jne 00007FF900E20CD1h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 je 00007FF900E20CC6h 0x00000016 jmp 00007FF900E20CCEh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42E5F second address: C42E64 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42E64 second address: C42EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jbe 00007FF900E20CDAh 0x00000011 jnc 00007FF900E20CD4h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a jmp 00007FF900E20CD3h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 pushad 0x00000025 push ecx 0x00000026 jnl 00007FF900E20CC6h 0x0000002c pop ecx 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 pop edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42EB1 second address: C42EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42EB5 second address: A63DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 jnc 00007FF900E20CC7h 0x0000000e push dword ptr [ebp+122D1701h] 0x00000014 cld 0x00000015 call dword ptr [ebp+122D21F6h] 0x0000001b pushad 0x0000001c stc 0x0000001d mov dword ptr [ebp+122D2278h], edi 0x00000023 xor eax, eax 0x00000025 clc 0x00000026 mov edx, dword ptr [esp+28h] 0x0000002a jmp 00007FF900E20CCAh 0x0000002f mov dword ptr [ebp+122D2D01h], eax 0x00000035 jns 00007FF900E20CC7h 0x0000003b mov esi, 0000003Ch 0x00000040 cmc 0x00000041 or dword ptr [ebp+122D3348h], edi 0x00000047 add esi, dword ptr [esp+24h] 0x0000004b jmp 00007FF900E20CD0h 0x00000050 lodsw 0x00000052 stc 0x00000053 add eax, dword ptr [esp+24h] 0x00000057 stc 0x00000058 mov ebx, dword ptr [esp+24h] 0x0000005c or dword ptr [ebp+122D3348h], esi 0x00000062 nop 0x00000063 push eax 0x00000064 push edx 0x00000065 jbe 00007FF900E20CC8h 0x0000006b push eax 0x0000006c pop eax 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C48FE0 second address: C48FEA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF9011B745Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4935D second address: C49361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49361 second address: C49367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C494C9 second address: C494CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49629 second address: C4963C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF9011B745Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C497C3 second address: C497C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49944 second address: C4994F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4994F second address: C4995E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CCBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4995E second address: C49962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49AB7 second address: C49AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007FF900E20CC8h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C49AC8 second address: C49ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E21D second address: C4E221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E221 second address: C4E23B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7460h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E23B second address: C4E23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B2C7 second address: C1B2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B2CB second address: A63DEA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FF900E20CC8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 sub dword ptr [ebp+122D1DD6h], ebx 0x00000028 push dword ptr [ebp+122D1701h] 0x0000002e add dword ptr [ebp+122D207Ah], edi 0x00000034 call dword ptr [ebp+122D21F6h] 0x0000003a pushad 0x0000003b stc 0x0000003c mov dword ptr [ebp+122D2278h], edi 0x00000042 xor eax, eax 0x00000044 clc 0x00000045 mov edx, dword ptr [esp+28h] 0x00000049 jmp 00007FF900E20CCAh 0x0000004e mov dword ptr [ebp+122D2D01h], eax 0x00000054 jns 00007FF900E20CC7h 0x0000005a mov esi, 0000003Ch 0x0000005f cmc 0x00000060 or dword ptr [ebp+122D3348h], edi 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a jmp 00007FF900E20CD0h 0x0000006f lodsw 0x00000071 stc 0x00000072 add eax, dword ptr [esp+24h] 0x00000076 stc 0x00000077 mov ebx, dword ptr [esp+24h] 0x0000007b or dword ptr [ebp+122D3348h], esi 0x00000081 nop 0x00000082 push eax 0x00000083 push edx 0x00000084 jbe 00007FF900E20CC8h 0x0000008a push eax 0x0000008b pop eax 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B428 second address: C1B42E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B42E second address: C1B432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B48D second address: C1B497 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B497 second address: C1B4FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF900E20CD3h 0x00000008 jp 00007FF900E20CC6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push ebx 0x00000013 push edx 0x00000014 jmp 00007FF900E20CD1h 0x00000019 pop edx 0x0000001a pop ebx 0x0000001b xchg eax, esi 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007FF900E20CC8h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a jnc 00007FF900E20CC6h 0x00000040 jne 00007FF900E20CC6h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B4FB second address: C1B50C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF9011B745Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B50C second address: C1B510 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B642 second address: C1B646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B75A second address: C1B75F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B75F second address: C1B7A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7467h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edx, 72CC718Eh 0x00000012 push 00000004h 0x00000014 jmp 00007FF9011B7462h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF9011B745Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B7A8 second address: C1B7AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BDE2 second address: C1BDE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BEAA second address: C1BEAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BEAF second address: C1BF17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF9011B745Eh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FF9011B7458h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a add edx, dword ptr [ebp+122D21F6h] 0x00000030 lea eax, dword ptr [ebp+1248ABA8h] 0x00000036 stc 0x00000037 sub dx, FBB4h 0x0000003c nop 0x0000003d jmp 00007FF9011B745Dh 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FF9011B745Dh 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BF17 second address: C1BF45 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF900E20CD2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub edx, 39F33BA9h 0x00000011 lea eax, dword ptr [ebp+1248AB64h] 0x00000017 mov dword ptr [ebp+122D1DD6h], ebx 0x0000001d push eax 0x0000001e push esi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BF45 second address: C03965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FF9011B7458h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 jmp 00007FF9011B745Eh 0x0000002a add edi, dword ptr [ebp+122D37AAh] 0x00000030 mov edi, dword ptr [ebp+122D2BD9h] 0x00000036 call dword ptr [ebp+122D1CA7h] 0x0000003c push eax 0x0000003d push edx 0x0000003e push esi 0x0000003f pushad 0x00000040 popad 0x00000041 pop esi 0x00000042 push ebx 0x00000043 pushad 0x00000044 popad 0x00000045 pop ebx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C03965 second address: C0396B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0396B second address: C0396F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0396F second address: C0397E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007FF900E20CC6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D715 second address: C4D71C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D84C second address: C4D876 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF900E20CD0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DB36 second address: C4DB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4DB3A second address: C4DB4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CCCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C539C0 second address: C539E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Eh 0x00000007 jmp 00007FF9011B745Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C539E0 second address: C53A1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b jmp 00007FF900E20CCEh 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FF900E20CCDh 0x0000001b jbe 00007FF900E20CC6h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52853 second address: C52859 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52999 second address: C529A3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF900E20CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5312E second address: C5315D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF9011B7467h 0x0000000f js 00007FF9011B7462h 0x00000015 jne 00007FF9011B7456h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5341A second address: C5341E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5341E second address: C53438 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Dh 0x00000007 jl 00007FF9011B7456h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53438 second address: C5343E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0DD6 second address: BD0DDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0DDC second address: BD0DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0DE0 second address: BD0DEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0DEB second address: BD0E0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007FF900E20CC6h 0x0000000c popad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 js 00007FF900E20CC6h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 jl 00007FF900E20CCCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0E0C second address: BD0E16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0E16 second address: BD0E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF900E20CCFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0E2B second address: BD0E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A742 second address: C5A746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A746 second address: C5A75B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A75B second address: C5A761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60F65 second address: C60F8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF9011B7461h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF9011B745Ah 0x00000012 js 00007FF9011B7456h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60F8E second address: C60F92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60F92 second address: C60FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7468h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007FF9011B745Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB1C second address: C5FB3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF900E20CD3h 0x0000000a pop ecx 0x0000000b push esi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB3B second address: C5FB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FB41 second address: C5FB55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF900E20CCBh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FE17 second address: C5FE3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7466h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FF9011B7456h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FE3B second address: C5FE58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FE58 second address: C5FE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFA4 second address: C5FFB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF900E20CC6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFB1 second address: C5FFD7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF9011B745Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FF9011B745Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 js 00007FF9011B7456h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFD7 second address: C5FFDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFDB second address: C5FFE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFE1 second address: C5FFE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FFE7 second address: C5FFED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C602CA second address: C602CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6045C second address: C6046D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push ebx 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6087D second address: C60881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C60DED second address: C60DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F6FB second address: C5F715 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FF900E20CC6h 0x00000009 js 00007FF900E20CC6h 0x0000000f jns 00007FF900E20CC6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F715 second address: C5F71B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63CD8 second address: C63CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63CDC second address: C63CE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63CE0 second address: C63D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF900E20CC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007FF900E20CD9h 0x00000016 push edx 0x00000017 pop edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63D0D second address: C63D2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FF9011B7456h 0x0000000b jmp 00007FF9011B745Dh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63EDF second address: C63EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF900E20CC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63EE9 second address: C63EF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64038 second address: C64048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF900E20CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64048 second address: C6404E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6404E second address: C6405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66804 second address: C66825 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7469h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66825 second address: C66829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE35DD second address: BE35EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B745Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE35EE second address: BE3603 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3603 second address: BE3607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3607 second address: BE3623 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A72C second address: C6A732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A732 second address: C6A736 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A9D9 second address: C6A9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A9DE second address: C6A9F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF900E20CD3h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A9F6 second address: C6AA17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF9011B7468h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AC89 second address: C6AC98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007FF900E20CCEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AE0D second address: C6AE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AE13 second address: C6AE1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AE1B second address: C6AE65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FF9011B746Dh 0x00000012 jnp 00007FF9011B7471h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C703F1 second address: C7040D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF900E20CD1h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7056D second address: C70577 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70827 second address: C70832 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FF900E20CC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B957 second address: C1B9BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f jne 00007FF9011B745Eh 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FF9011B7458h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 pushad 0x00000031 mov bx, B9A4h 0x00000035 mov si, dx 0x00000038 popad 0x00000039 sub dword ptr [ebp+122D1C78h], esi 0x0000003f push 00000004h 0x00000041 movzx edx, di 0x00000044 nop 0x00000045 pushad 0x00000046 pushad 0x00000047 jmp 00007FF9011B745Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B9BA second address: C1B9DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007FF900E20CD0h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edi 0x0000000f jp 00007FF900E20CCCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B91F second address: C1B957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7468h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+1248ABA3h] 0x00000012 add eax, ebx 0x00000014 jg 00007FF9011B745Ch 0x0000001a nop 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70C30 second address: C70C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70D6C second address: C70D8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FF9011B745Ch 0x0000000f jp 00007FF9011B745Eh 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70D8B second address: C70D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71811 second address: C7181B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF9011B7456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7181B second address: C71836 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF900E20CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF900E20CD1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71836 second address: C7185E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF9011B7460h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007FF9011B7462h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C732C1 second address: C732C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C732C8 second address: C732D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FF9011B7456h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C732D7 second address: C732FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C732FE second address: C73313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF9011B745Bh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7700F second address: C77019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF900E20CC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77019 second address: C7701D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C772B1 second address: C772B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C772B5 second address: C772BB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C772BB second address: C772C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77559 second address: C77564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DF14 second address: C7DF20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jno 00007FF900E20CC6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DF20 second address: C7DF24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DF24 second address: C7DF45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF900E20CD4h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DF45 second address: C7DF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E484 second address: C7E4A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FF900E20CCCh 0x00000011 jno 00007FF900E20CC6h 0x00000017 pushad 0x00000018 push eax 0x00000019 pop eax 0x0000001a jno 00007FF900E20CC6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E4A6 second address: C7E4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E4AB second address: C7E4C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD7h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E7BE second address: C7E7C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E7C2 second address: C7E7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007FF900E20CC6h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E7D3 second address: C7E7DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E7DD second address: C7E805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF900E20CD4h 0x0000000a popad 0x0000000b jp 00007FF900E20CE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 jg 00007FF900E20CC6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E805 second address: C7E814 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jl 00007FF9011B7456h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7ED76 second address: C7ED7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F079 second address: C7F093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007FF9011B7461h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F093 second address: C7F098 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7F098 second address: C7F0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7463h 0x00000009 jmp 00007FF9011B7465h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82CEC second address: C82CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82F87 second address: C82FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7465h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FA0 second address: C82FA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FA6 second address: C82FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FB0 second address: C82FB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FB6 second address: C82FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FBA second address: C82FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF900E20CCBh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007FF900E20CC8h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FF900E20CD8h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FEF second address: C83011 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FF9011B7456h 0x0000000e jmp 00007FF9011B7464h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83011 second address: C83015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83156 second address: C8316F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B7465h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8316F second address: C83198 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnl 00007FF900E20CC6h 0x0000000d jnl 00007FF900E20CC6h 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 ja 00007FF900E20CD2h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83198 second address: C831AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF9011B7461h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C831AE second address: C831B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C835B2 second address: C835D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF9011B745Fh 0x00000009 popad 0x0000000a jg 00007FF9011B7462h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C838C1 second address: C838DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCBh 0x00000007 jne 00007FF900E20CC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007FF900E20CC6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C838DE second address: C838E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C920BA second address: C920DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CD3h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FF900E20CCCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8FFFB second address: C90005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF9011B7456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90005 second address: C90017 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C901BC second address: C901CE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF9011B7456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C901CE second address: C901D3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9049A second address: C904A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF9011B7456h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90753 second address: C90768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FF900E20CC8h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90768 second address: C9076E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9076E second address: C90781 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF900E20CCCh 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C908D6 second address: C908DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C908DC second address: C908E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90EE7 second address: C90EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90EED second address: C90EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90EF3 second address: C90EF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C90EF7 second address: C90F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9175E second address: C91777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007FF9011B7456h 0x0000000c jmp 00007FF9011B745Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F1C second address: C91F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F22 second address: C91F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push esi 0x00000008 jmp 00007FF9011B7468h 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF9011B745Ah 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F53 second address: C91F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FF900E20CD7h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F73 second address: C91F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F79 second address: C91F7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F7D second address: C91F83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97AB5 second address: C97AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 je 00007FF900E20CC6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97803 second address: C9781F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FF9011B7464h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAB066 second address: CAB08C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF900E20CCBh 0x00000007 jmp 00007FF900E20CD7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAB08C second address: CAB0DB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF9011B7468h 0x00000008 jmp 00007FF9011B7469h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 ja 00007FF9011B745Ch 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAC72 second address: CAAC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAADDB second address: CAADDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFC6A second address: CAFC79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF900E20CCBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFC79 second address: CAFC96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FF9011B7456h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007FF9011B745Ah 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB76AB second address: CB76AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0B96 second address: CC0B9B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF6D1 second address: CBF6DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF900E20CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF6DD second address: CBF6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF85E second address: CBF863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF863 second address: CBF870 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jp 00007FF9011B7456h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFC89 second address: CBFCA0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF900E20CC6h 0x00000008 jmp 00007FF900E20CCDh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFCA0 second address: CBFCB4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF9011B7458h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007FF9011B7456h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFCB4 second address: CBFCB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBFE29 second address: CBFE2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC08CF second address: CC08E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FF900E20CC6h 0x00000009 jmp 00007FF900E20CCBh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC41CB second address: CC41D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC41D1 second address: CC41EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF900E20CCFh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC41EC second address: CC4215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF9011B7456h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FF9011B7469h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0963 second address: CD0995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF900E20CD0h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF900E20CD7h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0995 second address: CD099B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD68B6 second address: CD68F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF900E20CC6h 0x0000000a jmp 00007FF900E20CD8h 0x0000000f jmp 00007FF900E20CD1h 0x00000014 popad 0x00000015 jo 00007FF900E20CCCh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB250 second address: CDB256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB256 second address: CDB27F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF900E20CCBh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF900E20CCEh 0x00000012 je 00007FF900E20CCCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB27F second address: CDB283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB283 second address: CDB288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE7C95 second address: CE7CAA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF9011B745Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9D29 second address: CE9D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jng 00007FF900E20CC6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9D38 second address: CE9D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03EF4 second address: D03EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D030CB second address: D030D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D030D1 second address: D030E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jne 00007FF900E20CCEh 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D030E7 second address: D030F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007FF9011B745Eh 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03234 second address: D03238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03238 second address: D0324C instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF9011B7456h 0x00000008 jns 00007FF9011B7456h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0324C second address: D03252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03252 second address: D03266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FF9011B7462h 0x0000000c jc 00007FF9011B7456h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0339C second address: D033A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D037B5 second address: D037BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D037BD second address: D037C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D037C3 second address: D037DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF9011B7461h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D037DB second address: D037F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007FF900E20CC6h 0x00000009 js 00007FF900E20CC6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D037F2 second address: D037F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03C2E second address: D03C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03C34 second address: D03C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF9011B7468h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05605 second address: D05609 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05609 second address: D05631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF9011B745Bh 0x0000000b popad 0x0000000c push edi 0x0000000d jno 00007FF9011B745Ch 0x00000013 pushad 0x00000014 jng 00007FF9011B7456h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D08527 second address: D0852D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0852D second address: D08543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FF9011B745Bh 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09DE5 second address: D09E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FF900E20CD4h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5340D8C second address: 5340D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5340D92 second address: 5340D96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EE70 second address: C1EE7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF9011B7456h 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A63E6E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A61052 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A63DB9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C9DA4B instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 1428

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A45BB0 LdrInitializeThunk,

0_2_00A45BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: qProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
sergei-esenin.com	unknown	unknown	false	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
studennotediw.store	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
eaglepawnoy.store	true	unknown
bathdoomgaz.store	true	unknown
clearancek.site	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://player.vimeo.com	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearancek.site:443/apiiH	file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.y	file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/LIjb7	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com:443/profiles/76561199724331900	file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/api	file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://login.st	file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2289952024.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dL	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steambroadcast.akamaized.ne	file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://127.0s	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apiW	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apiN=pc	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306868819.0000000001592000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://mobbipenju.store:443/api	file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81	file.exe, 00000000.00000003.2292734958.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2289952024.000000000153C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306800106.000000000153C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/TIbb6	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://spirittunek.store:443/apii	file.exe, 00000000.00000002.2306587147.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.clo	file.exe, 00000000.00000002.2306800106.000000000154B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2292734958.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2289764069.000000000157A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2291557386.0000000001589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2306587147.000000000151C000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542005
Start date and time:	2024-10-25 12:32:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 104.102.63.47
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, wildcard.weather.microsoft.com.edgekey.net, e15275.d.akamaiedge.net, tile-service.weather.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
06:33:18	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	9FvJxhtNOD.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	Get hash	malicious	Unknown	Browse	2.16.202.58
	9FvJxhtNOD.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	184.50.112.86
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	104.119.207.229
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	K3Kvd8JYGV.elf	Get hash	malicious	Unknown	Browse	104.118.46.106
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	8DKuAcmAMT.elf	Get hash	malicious	Unknown	Browse	23.45.0.112
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	9FvJxhtNOD.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Credit_Details2251397102400024.xla.xlsx	Get hash	malicious	Unknown	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.501779306500837
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'006'976 bytes
MD5:	896418905011db3776f73ad7fa70a8be
SHA1:	0f5bfde63012a1311ee8f6363d5d6d50899db759
SHA256:	63375a7cf3fbf5b233ac070617e238c90135c66459f1c19a31af356a721b1ed9
SHA512:	26e0ecd483c3d8191171270878b7a2970ce9f28e63aa7465af69d020107a6dfbaa8861270350c077f962f543bda78f42bcbba8037ea90c8514af845acff035a3
SSDEEP:	24576:ormPBww1qVw7XgXeI1LbOw8jurYtp8F3y0CFdrENMiICoLW1u1RCVPhQ6Gt7+pFk:orm5/gXfOw6uG7Rfq12CT/OzaDVk
TLSH:	9DD54B92A90976CBD48E27789527CEC2589C07F9071188C3AAAC747E7E77CC617B7C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................`1...........@...........................1......[....@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x716000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF90086301Ah
xadd byte ptr [00000000h], ch
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	c096775e8de00be150e968dabd3f8a0e	False	0.9994585396039604	data	7.97403648784397	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
laydecdw	0x60000	0x2b5000	0x2b4c00	508b6e3f5f5239251738628925cff75c	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
esyilstb	0x315000	0x1000	0x400	d81b8484e283533c80c37063ccfc433e	False	0.837890625	data	6.4978999122015475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x316000	0x3000	0x2200	94aa1d89beadc127f03d51ae1a5f51b4	False	0.04940257352941176	DOS executable (COM)	0.5536229758940848	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T12:33:19.692511+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.6	63447	1.1.1.1	53	UDP
2024-10-25T12:33:19.706985+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.6	64181	1.1.1.1	53	UDP
2024-10-25T12:33:19.718511+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.6	55253	1.1.1.1	53	UDP
2024-10-25T12:33:19.731020+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.6	52235	1.1.1.1	53	UDP
2024-10-25T12:33:19.744776+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.6	65395	1.1.1.1	53	UDP
2024-10-25T12:33:19.756517+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.6	62685	1.1.1.1	53	UDP
2024-10-25T12:33:19.768203+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.6	56895	1.1.1.1	53	UDP
2024-10-25T12:33:19.780319+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.6	53514	1.1.1.1	53	UDP
2024-10-25T12:33:21.530443+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49721	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 12:33:19.823208094 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:19.823229074 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:19.823307037 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:19.826920986 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:19.826932907 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:20.694042921 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:20.694165945 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:20.696106911 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:20.696119070 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:20.696516991 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:20.744101048 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:20.787369967 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530502081 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530564070 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530668974 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530687094 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530721903 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530771017 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.530771017 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.530781984 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.530816078 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.530816078 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.530823946 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.647938967 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.647967100 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.648005009 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.648030996 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.648037910 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.648094893 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.652833939 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.652879953 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.652884960 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.652896881 CEST	443	49721	104.102.49.254	192.168.2.6
Oct 25, 2024 12:33:21.652982950 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.670718908 CEST	49721	443	192.168.2.6	104.102.49.254
Oct 25, 2024 12:33:21.670727968 CEST	443	49721	104.102.49.254	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 12:33:19.692511082 CEST	63447	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.703273058 CEST	53	63447	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.706984997 CEST	64181	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.716147900 CEST	53	64181	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.718511105 CEST	55253	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.729754925 CEST	53	55253	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.731019974 CEST	52235	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.742506981 CEST	53	52235	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.744776011 CEST	65395	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.754296064 CEST	53	65395	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.756516933 CEST	62685	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.765558958 CEST	53	62685	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.768203020 CEST	56895	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.779057026 CEST	53	56895	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.780318975 CEST	53514	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.789918900 CEST	53	53514	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:19.805237055 CEST	52041	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:19.817739010 CEST	53	52041	1.1.1.1	192.168.2.6
Oct 25, 2024 12:33:21.806417942 CEST	65169	53	192.168.2.6	1.1.1.1
Oct 25, 2024 12:33:21.817794085 CEST	53	65169	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 12:33:19.692511082 CEST	192.168.2.6	1.1.1.1	0xddbd	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.706984997 CEST	192.168.2.6	1.1.1.1	0x51bd	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.718511105 CEST	192.168.2.6	1.1.1.1	0xd94	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.731019974 CEST	192.168.2.6	1.1.1.1	0xd70d	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.744776011 CEST	192.168.2.6	1.1.1.1	0x2a3f	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.756516933 CEST	192.168.2.6	1.1.1.1	0x1174	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.768203020 CEST	192.168.2.6	1.1.1.1	0x6116	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.780318975 CEST	192.168.2.6	1.1.1.1	0x312d	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.805237055 CEST	192.168.2.6	1.1.1.1	0x5e8b	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:21.806417942 CEST	192.168.2.6	1.1.1.1	0xb14a	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 12:33:19.703273058 CEST	1.1.1.1	192.168.2.6	0xddbd	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.716147900 CEST	1.1.1.1	192.168.2.6	0x51bd	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.729754925 CEST	1.1.1.1	192.168.2.6	0xd94	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.742506981 CEST	1.1.1.1	192.168.2.6	0xd70d	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.754296064 CEST	1.1.1.1	192.168.2.6	0x2a3f	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.765558958 CEST	1.1.1.1	192.168.2.6	0x1174	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.779057026 CEST	1.1.1.1	192.168.2.6	0x6116	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.789918900 CEST	1.1.1.1	192.168.2.6	0x312d	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:19.817739010 CEST	1.1.1.1	192.168.2.6	0x5e8b	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 25, 2024 12:33:21.817794085 CEST	1.1.1.1	192.168.2.6	0xb14a	Name error (3)	sergei-esenin.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49721	104.102.49.254	443	3664	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-25 10:33:20 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-25 10:33:21 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 25 Oct 2024 10:33:21 GMT Content-Length: 35741 Connection: close Set-Cookie: sessionid=348a2921c885650f223f8570; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=None
2024-10-25 10:33:21 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-25 10:33:21 UTC	16384	IN	Data Raw: 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 64 69 73 63 75 73 73 69 6f 6e 73 2f 22 3e 0d 0a 09 09 09 09 09 09 44 69 73 63 75 73 73 69 6f 6e 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0d 0a 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuit
2024-10-25 10:33:21 UTC	3768	IN	Data Raw: 63 31 63 64 66 65 62 5f 66 75 6c 6c 2e 6a 70 67 22 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 22 3e 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 5f 62 61 64 67 65 5f 61 72 65 61 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 Data Ascii: c1cdfeb_full.jpg"></div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{"focusable":true,"clickOnActivate":true}" class="pe
2024-10-25 10:33:21 UTC	1122	IN	Data Raw: 70 72 6f 70 65 72 74 79 20 6f 66 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 Data Ascii: property of their respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.

Target ID:	0
Start time:	06:33:15
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa00000
File size:	3'006'976 bytes
MD5 hash:	896418905011DB3776F73AD7FA70A8BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	62.7%
Total number of Nodes:	51
Total number of Limit Nodes:	5

Executed Functions

Function 00A450FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00A45182

Strings

@^, xrefs: 00A45120
<I$), xrefs: 00A452E3
<I$), xrefs: 00A45198

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 93016dadc4eda18e3ebb5cc1ecfcc338a7962c232028e0d1ea4d1f44c1c56caa
Instruction ID: 634bed4c55be8b9922268347907789e5a1b3be0b83f00d379f3ae5e0907a1193
Opcode Fuzzy Hash: 93016dadc4eda18e3ebb5cc1ecfcc338a7962c232028e0d1ea4d1f44c1c56caa
Instruction Fuzzy Hash: 4421D1395083848FC700DFA8D88072AB7F4BB9A341F69482CE0C5D7362D731DA15CB46

Function 00A0FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V, xrefs: 00A0FEDC
J|BJ, xrefs: 00A1000D
VY^_, xrefs: 00A0FDFF
t, xrefs: 00A0FCBE

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: bcf81ec31394d8b74e3e5f72f81e44ad7c7170b5ebeeb44c3b003484ac73d401
Instruction ID: 4398a3b75dfb2270db1886f8c16bc595f5bd6a13df7ca57b2a03361edc94f8d6
Opcode Fuzzy Hash: bcf81ec31394d8b74e3e5f72f81e44ad7c7170b5ebeeb44c3b003484ac73d401
Instruction Fuzzy Hash: F7D1887550C380AFD320DF149590A9FBBE2AB96B44F18882CF4C99B252D375CD89DB92

Function 00A0D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00A0D2F1

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 950f5e9d4206fff49cd7afb558f67699229b4780b6c0e4022d8cde98441acce5
Instruction ID: 5e06d1760c5356049c7afaf1fb1c0c5142d2808d69e64d5f6d76ad739e5cd5ab
Opcode Fuzzy Hash: 950f5e9d4206fff49cd7afb558f67699229b4780b6c0e4022d8cde98441acce5
Instruction Fuzzy Hash: 5F41657540D384ABC301BBA8E695A2EFBF5AF96704F148C0CE5C49B292C336D8148B67

Function 00A45700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00A45784

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6fb3be5562dc284b88d7b837fcafd648682754369b1181c0024ce5e053802d93
Instruction ID: 3ede434b22e7bd9721c23de3f08e4a7c897db4265b1a867d6007bb9c9bac84bc
Opcode Fuzzy Hash: 6fb3be5562dc284b88d7b837fcafd648682754369b1181c0024ce5e053802d93
Instruction Fuzzy Hash: E4119E7991C240EBC701AF28E940A1BBBF5EFD6711F058C2CE4C49B212D335D811CB92

Function 00A45BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00A4973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00A45BDE

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00A4695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00A469C5

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: e8f0b204e3fb657ceef62ffc34ed747b7f9ebf0b39174603e6dd8bf85e3f057c
Instruction ID: 75fd6f25c97c4d392ded0d092a22d2e017307955caf4fcc54d18e96c07efacba
Opcode Fuzzy Hash: e8f0b204e3fb657ceef62ffc34ed747b7f9ebf0b39174603e6dd8bf85e3f057c
Instruction Fuzzy Hash: 6431A8B59183019FD718DF24C8A072AB7F1FFCA385F48882CE5C6A72A1E3349904CB56

Function 00A1049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af57b16604143790faa0aa3c380b9f0416021ba66b39ee0078f89cc55eb7fcdb
Instruction ID: 191a23f2e2d40b2bd800d6f8dfd0bc132ad96914d199fc75ddaf6298c41b62f3
Opcode Fuzzy Hash: af57b16604143790faa0aa3c380b9f0416021ba66b39ee0078f89cc55eb7fcdb
Instruction Fuzzy Hash: 17919C79200B00CFD324CF65E890A27B7F6FFC9315B118A6DE8568BAA1D771E856CB50

Function 00A10228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adddcebd2899f2c06fd65cd6faf6ec024c32043fbf1213611018ff02ad0a866c
Instruction ID: 5ccfde43f504cb0898cf466f3b62b7ce53673cf6af3a3a32c2bcbb717488357b
Opcode Fuzzy Hash: adddcebd2899f2c06fd65cd6faf6ec024c32043fbf1213611018ff02ad0a866c
Instruction Fuzzy Hash: 59717A78200700DFD724CF61E894B27B7F6FFCA315F108969E8568BA62D771A856CB50

Function 00A499D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1f282b918a90bb14a6a4f3f96887de5d9f934efa427272ec4040ae25184e45
Instruction ID: 6dae77504e44d3c662f429dc749ede43013f46aa0e88a8a95814fecb6b79fef7
Opcode Fuzzy Hash: 6a1f282b918a90bb14a6a4f3f96887de5d9f934efa427272ec4040ae25184e45
Instruction Fuzzy Hash: 19419D38608300AFD714DB65D991B2BB7A6EBC5755F24882CF58A97251D331EC22CB62

Function 00A463B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c1cf92b9e24716839eb6a52cb2b05efdd6e10dc29905c901c54552e4d5b2542e
Instruction ID: a2a98886a88623ced8ab19822f717fd18ee35ebc32870aa59b2cc49956976a8c
Opcode Fuzzy Hash: c1cf92b9e24716839eb6a52cb2b05efdd6e10dc29905c901c54552e4d5b2542e
Instruction Fuzzy Hash: 5F31E478649301BBDA24DB54CE92F3AB7A5FBC6B52F64890CF1815B2E1D370B8118B52

Function 00A10EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0a10f50806748a6cc6f30e434c8f1858338a74e808994bdd2e28acf0650567
Instruction ID: bf95228320a287fe7e867e1b34d569d9cf469816166bab4b5612d496e16fe3b4
Opcode Fuzzy Hash: ab0a10f50806748a6cc6f30e434c8f1858338a74e808994bdd2e28acf0650567
Instruction Fuzzy Hash: B02139B490021A9FDB15CF94CC90FBEBBB1FF4A304F144809E511BB292C775A952CB64

Function 00A43220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00A432A6

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: eac75b9d3b51153f98564dff5956345cea0b0a79190afdf8eabf65404b93293e
Instruction ID: d0f6105ca2683cc7da218b7bba50423d8af7591d5cdae785f889a936e15da6b9
Opcode Fuzzy Hash: eac75b9d3b51153f98564dff5956345cea0b0a79190afdf8eabf65404b93293e
Instruction Fuzzy Hash: 44016D3550D3409BC701EF58E849A1ABBE8EF9A711F054D1CE5C58B361D335DD60CB92

Function 00A43202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00A43208

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 11c99a1ea2c5b39a6d767ac65d7fbc2f749aed71645070b1cd06fd03e76981ae
Instruction ID: 3337da048c28ea7e2418ccf596603d09e5d91f6dece4f1ecd3ea49213c30775b
Opcode Fuzzy Hash: 11c99a1ea2c5b39a6d767ac65d7fbc2f749aed71645070b1cd06fd03e76981ae
Instruction Fuzzy Hash: 45B012300401005FDA141B00FC0AF003510FB00606F800050A100140B1D1615865C555

Non-executed Functions

Function 00A323E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

mlc@, xrefs: 00A3275C
ggxz, xrefs: 00A32685
{l`~, xrefs: 00A3268C
|}&C, xrefs: 00A32F21
#v, xrefs: 00A3344B, 00A34861
fedc, xrefs: 00A32782
:, xrefs: 00A332DD
f@~!, xrefs: 00A325FF
aenQ, xrefs: 00A3276A
`tii, xrefs: 00A32693
Cx, xrefs: 00A3453D
3<, xrefs: 00A332D6
%*+(, xrefs: 00A340EF

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
API String ID: 0-2260822535
Opcode ID: 702556a11cc8df981f5299870154fc42c79018486e6f163686a9c283a2b75c69
Instruction ID: e8b9a5ae4fda5df6879bc9536563bac461b076708dcc54860d5d16a056fa788a
Opcode Fuzzy Hash: 702556a11cc8df981f5299870154fc42c79018486e6f163686a9c283a2b75c69
Instruction Fuzzy Hash: 9F33AA70504B818FD7258F39C590B62BBF1BF16304F58899DE4DA8BA92C735F906CBA1

Function 00A1DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

89>?, xrefs: 00A1E9F6
D, xrefs: 00A1E846
LKJI, xrefs: 00A1E6E6
mjkh, xrefs: 00A1E7D8
dcba, xrefs: 00A1E728
tsrq, xrefs: 00A1E6FC
89&', xrefs: 00A1E93B
()./, xrefs: 00A1E9CA
@ONM, xrefs: 00A1E6DB
|, xrefs: 00A1ECB1
:WUE, xrefs: 00A1F6B7, 00A1F6C6
%*+(, xrefs: 00A1DE37, 00A1DE46
AR, xrefs: 00A1DD10
WP, xrefs: 00A1DCEF
xgfe, xrefs: 00A1E71D
tuJK, xrefs: 00A1E967
<=:;, xrefs: 00A1E930
`Y^_, xrefs: 00A1E99E
DCBA, xrefs: 00A1E887, 00A1E896
<=2, xrefs: 00A1EA01
`onm, xrefs: 00A1E733
T, xrefs: 00A1F157
QNOL, xrefs: 00A1E775
lkji, xrefs: 00A1E73E

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: aeaa7d07c0bebe41df6013b17327e1a433e8ba57301ed0b693264d46f91d169c
Instruction ID: eb17f968733bd307bff6101b1d3f9cebe656a1fdad7f4f39104a61ef0eb6b214
Opcode Fuzzy Hash: aeaa7d07c0bebe41df6013b17327e1a433e8ba57301ed0b693264d46f91d169c
Instruction Fuzzy Hash: 95F256B55093819FD770CF14C894BEBBBE6BBD5344F14482CE8C98B292E7319985CB92

Function 00A29F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

]{, xrefs: 00A2A1E7, 00A2A1F3
Gt, xrefs: 00A29FF8
JG, xrefs: 00A2AA27
S], xrefs: 00A2A636
=], xrefs: 00A2A36A
WH, xrefs: 00A2AA1C
/), xrefs: 00A2A66D
%e6g, xrefs: 00A2A152
_Y, xrefs: 00A2A641
?m,o, xrefs: 00A2A13C
hi, xrefs: 00A2AB9D
N[, xrefs: 00A2A375
sm, xrefs: 00A2A830
WQ, xrefs: 00A2A62B
kW, xrefs: 00A2A380
(a*c, xrefs: 00A2A147
CG, xrefs: 00A2AA32

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: efa2344e0921b53619aa272d2146c6589f6ab60dad71f0abf63efd3151fd2151
Instruction ID: 5eb0c30c88217d31c7646a92e57b5716a72fe17191160837b16bb02c8666bd89
Opcode Fuzzy Hash: efa2344e0921b53619aa272d2146c6589f6ab60dad71f0abf63efd3151fd2151
Instruction Fuzzy Hash: 2752C7B444D385CAE270CF65D681B8EBAF1BB92740F608A2DE1ED9B255DB708045CF93

Function 00A29510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

G+X5, xrefs: 00A29AF3
z=Q?, xrefs: 00A29826
T#a-, xrefs: 00A29AE3
B7U1, xrefs: 00A29AFB
;IJK, xrefs: 00A2983E
O+f), xrefs: 00A29634, 00A2963D
?M0K, xrefs: 00A29968
pq, xrefs: 00A299E0
,A&C, xrefs: 00A2982E
8;, xrefs: 00A29B13
B?Q9, xrefs: 00A29B0B
X/R), xrefs: 00A29AEB
G'M!, xrefs: 00A29ADB
!E4G, xrefs: 00A29836
2A"_, xrefs: 00A29980
L3Y=, xrefs: 00A29B03

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 017d1d14eea64b2296cd1b71d00a47c9fefa798b3e1f0d0bf90aa292b432c4e8
Instruction ID: 5e35f5b89a377e355b9d722a7e8773d455b8e4333757579e9a45366ffb61925b
Opcode Fuzzy Hash: 017d1d14eea64b2296cd1b71d00a47c9fefa798b3e1f0d0bf90aa292b432c4e8
Instruction Fuzzy Hash: 03F140B4508380ABD310DF59E981A2BBBF5FB8AB44F144D2CF4D59B252D334D909CBA6

Function 00A2DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

<Y.[, xrefs: 00A2E27D
,Q?S, xrefs: 00A2E26F
-M2O, xrefs: 00A2E25A
n\+H, xrefs: 00A2DDC0
upH}, xrefs: 00A2DE8A, 00A2E798, 00A2DF4A
Y9N;, xrefs: 00A2E245
hX]N, xrefs: 00A2DDC7
=]+_, xrefs: 00A2E276
)IgK, xrefs: 00A2E261
%*+(, xrefs: 00A2E143
{E, xrefs: 00A2E323

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 4ea26b28e2a12482d1d59d21892e57d7bf5511fd4d8d242e3aaa1503d69c743b
Instruction ID: ea295d6086a435d19b4930ad8871e77fbfbfa9c6d39a342c5a95f4544634d30c
Opcode Fuzzy Hash: 4ea26b28e2a12482d1d59d21892e57d7bf5511fd4d8d242e3aaa1503d69c743b
Instruction Fuzzy Hash: 0D921871E00215CFDB14CFA8E8517AEBBB2FF49311F298268E455AB391D735AD42CB90

Function 00BD7F71 Relevance: 11.6, Strings: 8, Instructions: 1650COMMON

Download Yara Rule

Strings

%m{, xrefs: 00BD806A
10=, xrefs: 00BD7FB9
Zu, xrefs: 00BD820E
|*0;, xrefs: 00BD874B
WPw, xrefs: 00BD9083
Bw{, xrefs: 00BD89AD
Bbz, xrefs: 00BD9262
O4?, xrefs: 00BD8721

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %m{$10=$Bw{$Bbz$O4?$WPw$Zu$|*0;
API String ID: 0-373622737
Opcode ID: 356e61507cf3de890fa9d998fe0956fcd176aeed360043fb30a1bec99d4ddd9a
Instruction ID: 3128158fb194b42ddbf1a490002f8fa80ad93062eb0387f8e998bfb3462941e2
Opcode Fuzzy Hash: 356e61507cf3de890fa9d998fe0956fcd176aeed360043fb30a1bec99d4ddd9a
Instruction Fuzzy Hash: 2AB24BF3A0C2049FE304AE2DDC8567ABBE9EF94320F1A463DE6C5C7744E93598058697

Function 00BE55EA Relevance: 11.6, Strings: 8, Instructions: 1593COMMON

Download Yara Rule

Strings

apD, xrefs: 00BE5D4F
.[9, xrefs: 00BE687C
KCx<, xrefs: 00BE5B6E
R6_, xrefs: 00BE62C9
df}[, xrefs: 00BE56D5
T<}, xrefs: 00BE5697
1Be, xrefs: 00BE6127
%)__, xrefs: 00BE6489

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: T<}$%)__$1Be$KCx<$R6_$df}[$.[9$apD
API String ID: 0-181243213
Opcode ID: 28edcea4e617c71f4b8670755d005c5a5fedff6d6319a46cb2e1cc01b296b841
Instruction ID: e7c60dea7d2d5bb4a84b69656b55e10d772a08e6f46b41040b1e4dbda7b5fb28
Opcode Fuzzy Hash: 28edcea4e617c71f4b8670755d005c5a5fedff6d6319a46cb2e1cc01b296b841
Instruction Fuzzy Hash: 17B203F360C204AFE304AE29EC8567AFBE9EF94720F16893DE6C4C7744E63558418796

Function 00BD9AD4 Relevance: 11.6, Strings: 8, Instructions: 1558COMMON

Download Yara Rule

Strings

=}Km, xrefs: 00BD9D31
9T;~, xrefs: 00BDA5DF
"Lo, xrefs: 00BD9E92
Ix/, xrefs: 00BDAB19
1XnW, xrefs: 00BD9B13
p{~, xrefs: 00BDA047
N"k<, xrefs: 00BDA4F5
Grq, xrefs: 00BDA8DD

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: "Lo$1XnW$9T;~$=}Km$Grq$Ix/$N"k<$p{~
API String ID: 0-2470460277
Opcode ID: b08ac23801402b6976eba99b3830f32858b9c26be6b43cc6faaa1f124a4f9132
Instruction ID: f91e5419e75c4212e6ce2f09c006aa0ec76d641dc4b10dcc59b9f29e30f5cc70
Opcode Fuzzy Hash: b08ac23801402b6976eba99b3830f32858b9c26be6b43cc6faaa1f124a4f9132
Instruction Fuzzy Hash: 8DA205F3A0C2049FE3046E2DEC8567AFBE9EF94320F1A4A3DE6C4C7744E67558058696

Function 00A2098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A20A77, 00A20A86
cah`, xrefs: 00A2107E
qrqp, xrefs: 00A21089
&> &, xrefs: 00A20F89
gce/, xrefs: 00A21073
9.5^, xrefs: 00A20F9F
{, xrefs: 00A21502
,#15, xrefs: 00A20F94

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 7b5ee62f48efd9a02b210e4f11d0b4e65fee105d0697d3fab25e264223aee489
Instruction ID: 39ecfc23eccc7054af6ca1b6f13d7159a77594718755731f409fbe42d0520d1c
Opcode Fuzzy Hash: 7b5ee62f48efd9a02b210e4f11d0b4e65fee105d0697d3fab25e264223aee489
Instruction Fuzzy Hash: B7629BB16083918BD730CF18E891BABB7E1FF96354F044D2DE49A8B682E3759941CB53

Function 00A01000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

-, xrefs: 00A021ED
@, xrefs: 00A02C40
gfff, xrefs: 00A022E1
gfff, xrefs: 00A02297
gfff, xrefs: 00A02226
0123456789abcdefxp, xrefs: 00A01587, 00A015F8
0123456789ABCDEFXP, xrefs: 00A0157D, 00A015EB

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: 5506c52117c67d1ccd07d0b74798e88338473d912cf692c672bc6e9cdecf8e9a
Instruction ID: cf61ce52aa02d42f46a97cedd10be550d5e2af05bdac83d75c1f74eea4df5a3c
Opcode Fuzzy Hash: 5506c52117c67d1ccd07d0b74798e88338473d912cf692c672bc6e9cdecf8e9a
Instruction Fuzzy Hash: AFD2F3726083458FD718CF28D89436ABBE2AFD9314F188A2DE4998B3D1D774DD45CB82

Function 00BD323F Relevance: 8.8, Strings: 6, Instructions: 1299COMMON

Download Yara Rule

Strings

?G], xrefs: 00BD3CBC
46~, xrefs: 00BD347F
3Un/, xrefs: 00BD35B8
3Un/, xrefs: 00BD3688, 00BD3720
59>~, xrefs: 00BD39FD
hCwK, xrefs: 00BD37EC

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 3Un/$3Un/$46~$59>~$?G]$hCwK
API String ID: 0-1774104270
Opcode ID: 96d782ea0b9dbade2b22c4a9b511b3a7912d4ac716a3fa9ed6992cd89ad03d9f
Instruction ID: 271bb851dcb57e1beffba401c2168c3a5b0fa21bcfc9f3401a842a7e64c2c066
Opcode Fuzzy Hash: 96d782ea0b9dbade2b22c4a9b511b3a7912d4ac716a3fa9ed6992cd89ad03d9f
Instruction Fuzzy Hash: 8F9244F36082049FE304AE2DEC8567AFBE9EF94720F1A493DEAC4C7744E63558058697

Function 00BE3A8F Relevance: 7.9, Strings: 5, Instructions: 1661COMMON

Download Yara Rule

Strings

(a?:, xrefs: 00BE41C0
sh, xrefs: 00BE4066
`AO>, xrefs: 00BE4B08
#4}}, xrefs: 00BE4019
=0/?, xrefs: 00BE3AF0

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: sh$#4}}$(a?:$=0/?$`AO>
API String ID: 0-299289494
Opcode ID: dbf16ba49e005a814bc13b4f8af340916f70abc6ee3681cf6927b199ca56486b
Instruction ID: db07d0a27219aae889da2798b2144f4760c443b4514fd955333f9964a057d567
Opcode Fuzzy Hash: dbf16ba49e005a814bc13b4f8af340916f70abc6ee3681cf6927b199ca56486b
Instruction Fuzzy Hash: 7FB237F3A0C2109FE3046E2DEC8567ABBE5EF94720F1A893DE6C5C7744EA3558418693

Function 00BCF73C Relevance: 7.9, Strings: 5, Instructions: 1648COMMON

Download Yara Rule

Strings

8/, xrefs: 00BCFB66
)$], xrefs: 00BD0461
d7V~, xrefs: 00BD077E
AK\, xrefs: 00BD0A06
ZF~, xrefs: 00BD065C

Memory Dump Source

Source File: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: )$]$8/$AK\$ZF~$d7V~
API String ID: 0-118914779
Opcode ID: f88dd0ad78e7b550f26ce084c8f88d4a9b69e9a53763a6d83c3f10d815b43580
Instruction ID: e1aa50a966d5104d390f7b6c329decfd9ada0bebc0416dc2367a41154bb3aa13
Opcode Fuzzy Hash: f88dd0ad78e7b550f26ce084c8f88d4a9b69e9a53763a6d83c3f10d815b43580
Instruction Fuzzy Hash: EAB24AF360C2049FE3046E2DEC8567ABBE9EF94720F1A493DEAC4C7744EA3558058697

Function 00BD494D Relevance: 7.9, Strings: 5, Instructions: 1610COMMON

Download Yara Rule

Strings

r~, xrefs: 00BD4F55
pDw., xrefs: 00BD562C
-_~}, xrefs: 00BD5897
d8z~, xrefs: 00BD58E8
C9&, xrefs: 00BD57E3

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: -_~}$C9&$d8z~$pDw.$r~
API String ID: 0-311856721
Opcode ID: 840fb1616493b77b869407615ec85c6c62bde9b63346fa1e3abc5f99200ed4d5
Instruction ID: 55d135e1d309c83e1d598cc693c22896fae1b6abf60b8c5d1fd44c8749e5477c
Opcode Fuzzy Hash: 840fb1616493b77b869407615ec85c6c62bde9b63346fa1e3abc5f99200ed4d5
Instruction Fuzzy Hash: 77A20AF3A08200AFE7146E2DEC8577AB7D9EBD4720F1A453DEAC4C7744EA3598018697

Function 00A012F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 00A01E88
0, xrefs: 00A0243E
0, xrefs: 00A01DC1
@, xrefs: 00A03531
i, xrefs: 00A028EA

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: bd86e0824df0bb45253ff46a878656bfba7b32214080c8e5c7e33fa9129b7dfe
Instruction ID: d71e4562e26bb0151aa96b592c0148455f154bbc729892c579b898ee20b7e5f6
Opcode Fuzzy Hash: bd86e0824df0bb45253ff46a878656bfba7b32214080c8e5c7e33fa9129b7dfe
Instruction Fuzzy Hash: 7362E07160C3858FD318CF28D49876ABBE1AFD5308F188A2DE8D9872D1D775D949CB82

Function 00A0164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00A01F3C
+, xrefs: 00A01573
0123456789abcdefxp, xrefs: 00A01659
gfff, xrefs: 00A01F57
0123456789ABCDEFXP, xrefs: 00A0164F

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: 2d6fdbb85eeb18dad1c8bc75a7a48e9fc823154c16f468cf2a6a5a20b477d74e
Instruction ID: 53ccb99bc2c0561ecfe333e88fe808dc82886af988a550c0302866199e57564f
Opcode Fuzzy Hash: 2d6fdbb85eeb18dad1c8bc75a7a48e9fc823154c16f468cf2a6a5a20b477d74e
Instruction Fuzzy Hash: C4F1BF3160C3858FC715CF29D48436AFBE2ABD9304F188A6EE4D987392D735D949CB92

Function 00BD1306 Relevance: 6.7, Strings: 4, Instructions: 1709COMMON

Download Yara Rule

Strings

A~|, xrefs: 00BD1D01
5?}, xrefs: 00BD253F
t_, xrefs: 00BD1C6D
A]m, xrefs: 00BD1B0A

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 5?}$A]m$A~|$t_
API String ID: 0-2463669731
Opcode ID: 217d216b1a0e19e177a499830f12f4db2bacd7882d3225f21194732225faae07
Instruction ID: 354022d4ad80a6c5930677fb9bca6520b25ae9488f5279d3d1a32512f7afa2de
Opcode Fuzzy Hash: 217d216b1a0e19e177a499830f12f4db2bacd7882d3225f21194732225faae07
Instruction Fuzzy Hash: 06B228F3A0C214AFE3046E2DEC8567BB7E9EF94760F164A3DEAC4C3744E93558018696

Function 00A013A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 00A01F3C
-, xrefs: 00A01F23
0123456789abcdefxp, xrefs: 00A013AD
gfff, xrefs: 00A01F57
0123456789ABCDEFXP, xrefs: 00A013A3

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: f90d4dace90713dd9d06e68bb59830dee6132d2115cc72a32ec6a4e1d594d83b
Instruction ID: 1596c36b93e431fbf7a09b3f3d2dc4c121ef135fd95ad7c378529110f28eb118
Opcode Fuzzy Hash: f90d4dace90713dd9d06e68bb59830dee6132d2115cc72a32ec6a4e1d594d83b
Instruction Fuzzy Hash: 8AD1AF3560C7858FC715CF29D48426AFBE2AFD9308F08CA6EE4D987392D634D949CB52

Function 00BE1F29 Relevance: 6.6, Strings: 4, Instructions: 1627COMMON

Download Yara Rule

Strings

i~, xrefs: 00BE2E94
cz~:, xrefs: 00BE26BD
[{oN, xrefs: 00BE2838
{m, xrefs: 00BE3161

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: [{oN$cz~:$i~${m
API String ID: 0-4269627309
Opcode ID: 02d0c62b3a0015730c693d2eeff7c2aba3e0eed5e53270b0184b381eb22bc17a
Instruction ID: 2d13e84e1692d0dedbd3afcd492fb126cca8033361ef544245656da9a6a4b340
Opcode Fuzzy Hash: 02d0c62b3a0015730c693d2eeff7c2aba3e0eed5e53270b0184b381eb22bc17a
Instruction Fuzzy Hash: 2DB2F8F3A082109FE3046E2DDC8577ABBE5EF94720F1A893DEAC4C7744E63598058697

Function 00A2FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

uvw, xrefs: 00A2FE95
NA_I, xrefs: 00A3036D
m1s3, xrefs: 00A2FEC3, 00A2FECB
:, xrefs: 00A30087

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 43fd894c6880f6462fbef677d4ef6b1dee20975f520907fba0c0bf35dcf2f4a8
Instruction ID: e12ceffbe67339ec9f3ba084779521a6287855db5f55758d49d33ee42861f9b2
Opcode Fuzzy Hash: 43fd894c6880f6462fbef677d4ef6b1dee20975f520907fba0c0bf35dcf2f4a8
Instruction Fuzzy Hash: E53298B0908380DFD311DF69D890B2BBBE1BB8A355F144A6CF6D58B2A2D335D905CB52

Function 00A13BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A13EC4
ss, xrefs: 00A13C79
;z, xrefs: 00A13C87
p, xrefs: 00A13C80

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 3c0ba65b550f703e9126804a173dd25e7b6c44fd71b245e931777a42e0db9fb3
Instruction ID: ff57f7028ec40f5d4e44f5d7254969c7c15a15619001e1b6b7ab09806274e858
Opcode Fuzzy Hash: 3c0ba65b550f703e9126804a173dd25e7b6c44fd71b245e931777a42e0db9fb3
Instruction Fuzzy Hash: 22026DB4810B00EFD760DF29D986756BFF5FB06300F50895CE89A8B685E331E459CBA2

Function 00A22260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 00A2232F
sj, xrefs: 00A22327
lc, xrefs: 00A22507
a|, xrefs: 00A22317

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 98cb54a0f5f61f650e106c4775b6e0ae5e5d3f49647780208797f563a8305b5c
Instruction ID: 0fdf2db65abad160a47cf0e343b483612f2226801dcfc21d2c691fed1574246a
Opcode Fuzzy Hash: 98cb54a0f5f61f650e106c4775b6e0ae5e5d3f49647780208797f563a8305b5c
Instruction Fuzzy Hash: 73A19A704083519BC720DF18D891B2BB7F0FF95754F588A1CE8D99B2A1E339E941CBA6

Function 00BDEA0D Relevance: 5.4, Strings: 3, Instructions: 1614COMMON

Download Yara Rule

Strings

S]k, xrefs: 00BDEADF
k#7~, xrefs: 00BDF4BC
ne, xrefs: 00BDEF18

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: k#7~$S]k$ne
API String ID: 0-3856835202
Opcode ID: 19a6d22623e06540dbe588079ed66fe0a6ecec9bb63500415b3189775e0fe4ae
Instruction ID: ffd181e9f776e2c116faad1997c981d76745df875d97da52a995a78b2ac8d1c0
Opcode Fuzzy Hash: 19a6d22623e06540dbe588079ed66fe0a6ecec9bb63500415b3189775e0fe4ae
Instruction Fuzzy Hash: C2B205F3A0C204AFE3046E29EC8567AFBE9EF94720F16493DEAC4D3744E63558058696

Function 00A2D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

#', xrefs: 00A2D9EA
T>, xrefs: 00A2D984
KV, xrefs: 00A2D97D
CV, xrefs: 00A2D98B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: d096b6bbbb9a297bbd74e181e4aaa71f3e50d661d50608bce2ef634e246f19b9
Instruction ID: 4e4e754996334911ca681ae2694de6f60ba1d1a59ab0c5e37a73c7e64adca519
Opcode Fuzzy Hash: d096b6bbbb9a297bbd74e181e4aaa71f3e50d661d50608bce2ef634e246f19b9
Instruction Fuzzy Hash: 6D8156B48017459FCB20DFA5D28556EBFB1FF16300F60461CE486ABA56C330AA55CFE2

Function 00A2AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 00A2ACA9
,{*y, xrefs: 00A2AD07, 00A2AD13
(g6e, xrefs: 00A2ACA1
lk, xrefs: 00A2ACBC

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 18301f829b247643d074a8113f86c6305938def8229c673da17cc11cb1218a5d
Instruction ID: 28f05b633649ff49c7cb9cc48f79ce77c7bd18b0778a9ef1da2b9629be00770d
Opcode Fuzzy Hash: 18301f829b247643d074a8113f86c6305938def8229c673da17cc11cb1218a5d
Instruction Fuzzy Hash: 7B4163B4408381CBD7209F24E900BABB7F0FF96306F54996DE5C897260EB71D945CB96

Function 00A2C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A2C9E4, 00A2C9ED
~/i!, xrefs: 00A2C537
%*+(, xrefs: 00A2C8C3, 00A2C8CB

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 24ac14435e395953198363cfad9991dc54ea1df220c063d58fec17e95d27820c
Instruction ID: 54f6459fb00fba8d4537e5e406bf3ef65f84af972313704b9d04c57471250b02
Opcode Fuzzy Hash: 24ac14435e395953198363cfad9991dc54ea1df220c063d58fec17e95d27820c
Instruction Fuzzy Hash: 52E164B5918340DFE320DF68E881B2EBBF5FB85355F48882CE58987251E735D816CB92

Function 00A08590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00A0860C
IEND, xrefs: 00A089F0
), xrefs: 00A08616

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: f3d6453f89525be9e102dfac9acd18f7959ac448697a17fd75079d9fa45cd79e
Instruction ID: 6ebe178828e4ccf395cd4893a2dc73430e5d2e0c331b324ed88b10d224ec6a1c
Opcode Fuzzy Hash: f3d6453f89525be9e102dfac9acd18f7959ac448697a17fd75079d9fa45cd79e
Instruction Fuzzy Hash: 9FE1F2B1A087099FE310CF28E88172ABBE0BB94354F144A2DE5D5973C1DB79E915CBC6

Function 00BE0D5F Relevance: 3.4, Strings: 2, Instructions: 905COMMON

Download Yara Rule

Strings

jR^s, xrefs: 00BE10EA
J0g{, xrefs: 00BE0FE5

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: J0g{$jR^s
API String ID: 0-3847910658
Opcode ID: 74a9c360249b9148c38e932d526ffc5034a9a80c10de5e90b6414d6ee40f6b54
Instruction ID: e10bf7c91c08511ab27ec5783a91f9d95ee4c1742a6ffcbe0314bb8dc8536095
Opcode Fuzzy Hash: 74a9c360249b9148c38e932d526ffc5034a9a80c10de5e90b6414d6ee40f6b54
Instruction Fuzzy Hash: FC521AF3A0C2049FE7046E2DDC8577ABBE9EF94720F1A453DEAC4C3744EA3598058696

Function 00A44040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00A4420C
%*+(, xrefs: 00A440A4, 00A440AD

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: a0594a32a0a09880dc5b7a658120fa9567aadcc5f6563e1e45a456c9d8000f22
Instruction ID: 84fa049c03f0cff30f119179a334f70a0600396b524778a5e1692ab8d7d21e24
Opcode Fuzzy Hash: a0594a32a0a09880dc5b7a658120fa9567aadcc5f6563e1e45a456c9d8000f22
Instruction Fuzzy Hash: 7012AC796083419FC714CF28C890B2EBBE2FBC9314F188A2CF5959B291D775E945CB92

Function 00A3F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 00A3F6E6
dg, xrefs: 00A3F7F5

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 496fe194fbdaa6c8c87133be901c935c5579dbee2710b6cee9973063a37d070e
Instruction ID: 6b1724966e000077feb6621d736a8146675393d20df79b9ebd49ee26c9891add
Opcode Fuzzy Hash: 496fe194fbdaa6c8c87133be901c935c5579dbee2710b6cee9973063a37d070e
Instruction Fuzzy Hash: D4F19571A28301EFE704CF65E891B2ABBF6FB86355F14992CF0858B2A1C735D845CB12

Function 00A035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 00A03607
NaN, xrefs: 00A0360E

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 694c281de4acfc769072dfefa8a98a7ead9041c1d9911ec4db80cc84ad6b217e
Instruction ID: 586d8bda7a9a06bf264dd58c71978e65ea6c03ba385119780760f3e592525739
Opcode Fuzzy Hash: 694c281de4acfc769072dfefa8a98a7ead9041c1d9911ec4db80cc84ad6b217e
Instruction Fuzzy Hash: 73D1E472B183159BCB04CF29D98061FBBE5EBC8750F148A2DF999973E0E671DD058B82

Function 00B3A377 Relevance: 2.7, Strings: 2, Instructions: 245COMMON

Download Yara Rule

Strings

8+E, xrefs: 00B3A504
%wSu, xrefs: 00B3A45A

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %wSu$8+E
API String ID: 0-868060207
Opcode ID: 25579725f2abae6170438eb79de9eb6d2ad9f2429c9f3a26fc0341ea0216f63f
Instruction ID: 4cb82c329b07ecb05a19372a7dc8498e04e3cc7a991d3570b0134838f49ebeed
Opcode Fuzzy Hash: 25579725f2abae6170438eb79de9eb6d2ad9f2429c9f3a26fc0341ea0216f63f
Instruction Fuzzy Hash: E7714AF3A0C3009FE3086E3DDC9577ABBD9EBD8760F25863DE68583B44E97919014256

Function 00A1FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 00A200F6
BaBc, xrefs: 00A20197

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 72081e2ee40c9af2bc4d77346e65d3dac4b3199f169eaae40adcd1044d478106
Instruction ID: bdcd1960db60a2a785930fbed8daac0e82f38933a9c8ef53b9b4e874c9d9e876
Opcode Fuzzy Hash: 72081e2ee40c9af2bc4d77346e65d3dac4b3199f169eaae40adcd1044d478106
Instruction Fuzzy Hash: E051BCB16083918BD731CF18D881BABB7E0FF96360F09492DE4DA8B652E3749940CB57

Function 00A05160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00A054C8

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 4a5d253c247c0c51cc1ad52fc0eedd07f1d95e7cb39b1ad4763fc1688e7ce173
Instruction ID: 0a987faeea8602ad9ebad04be3e64b6a64cb7142df73faffe87aa09d53556bb8
Opcode Fuzzy Hash: 4a5d253c247c0c51cc1ad52fc0eedd07f1d95e7cb39b1ad4763fc1688e7ce173
Instruction Fuzzy Hash: BB22B2B6D08B498BE7158F38E940327BBA2AFA1314F1D896DD8594B2C1E771DC44DF42

Function 00A312D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00A315D1

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: fd5ac88a55c726a55849bbe234dba7e84b09476c635166194181921e1711ed7e
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: D5F1F371A083415FC724CF28C491A6BBBE6AFC5354F1CC96DF89A8B382D634DD058792

Function 00A2AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A2B2D3, 00A2B2DB

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 31dc13a9605e34b8d85f74450bec9921f60f525e74756d994cdf3e50dd15ce4b
Instruction ID: 29e19ed901aca75cc8680234ad8b29d04c6597ec66f311e820c6a8a1cd6a951a
Opcode Fuzzy Hash: 31dc13a9605e34b8d85f74450bec9921f60f525e74756d994cdf3e50dd15ce4b
Instruction Fuzzy Hash: 15E1AA71518316CBC314DF28E89066EB7F2FF98792F54892CE8C587260E335E959CB92

Function 00A16EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A16EF3

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 77ea2ab868b274939fbd24e9858d380c36a4613680d04dfd551701c7c8a4de7a
Instruction ID: e302f74c2fd63026a6cee1b197f4a74db69cafc095f1b7fe7054e6e7995d761d
Opcode Fuzzy Hash: 77ea2ab868b274939fbd24e9858d380c36a4613680d04dfd551701c7c8a4de7a
Instruction Fuzzy Hash: C5F18EB9A00A05CFC724DF24E981A66B3F6FF89314B148A2DE497C7691EB31E855CB41

Function 00A27E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A28263, 00A2826B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 02760956ef1843d0326352790a4dcc066ca38fd5be0cbf67e59a18a4e1b32f60
Instruction ID: ea04295c391f19a6e34846015f7eef9a48017acf4c619c7a45f73b665bc5c874
Opcode Fuzzy Hash: 02760956ef1843d0326352790a4dcc066ca38fd5be0cbf67e59a18a4e1b32f60
Instruction Fuzzy Hash: F6C1D171909320ABD710EB18E942A2BB7F5EF95754F08892CF8C587291E738DD15CB63

Function 00A28D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A29233, 00A2923B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4188de037b622f86b15fe35fbd82d6df21f9cfd81699639ac44592d56769c5f1
Instruction ID: 71913af44a3e9ede6465c0955b735eb3b717e7bb2f6b8f8cd7bb81dfb4c83a81
Opcode Fuzzy Hash: 4188de037b622f86b15fe35fbd82d6df21f9cfd81699639ac44592d56769c5f1
Instruction Fuzzy Hash: A4D1BC71619302DFD704DFA8E890A6AB7F5FF88306F49487CE88687291D734E951CB51

Function 00A47FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00A48167

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 3e588fc16277c11f5e16f2c854f725af58296ecf0656823d626e3c908cd67c13
Instruction ID: b9744a4cf048ef0e6c07e985b8cd29f7809de5bf44e98b7f8cdf4191bc3c89be
Opcode Fuzzy Hash: 3e588fc16277c11f5e16f2c854f725af58296ecf0656823d626e3c908cd67c13
Instruction Fuzzy Hash: 3BD1D4769082658FC725CE18E89071EB7E1EBC5718F158A2CE8B5AB380DB75DC46C7C2

Function 00A2CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A2CDC3, 00A2CDCB

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: c8d9d36bf0b2c4f48214caee8e50c8df49e1dc9a05b74a156c8630341c42a505
Instruction ID: 607e8fb329b5c67a927ddaa8621a32ca105f2129b4eabb982b33362a93289749
Opcode Fuzzy Hash: c8d9d36bf0b2c4f48214caee8e50c8df49e1dc9a05b74a156c8630341c42a505
Instruction Fuzzy Hash: 9EB1EE70A083159BD714DF68E880A2FBBF2EF95360F14493CE5C58B252E335E955CB92

Function 00A0A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00A0A9C3

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 7b92efc3c444d14d26aa7f5cb9d020dd0e1936027de44ec435c1ba63f55fddde
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 41B128712083859FD324CF28D88061BFBE1AFA9704F448A2DF5D997382D671EA18CB57

Function 00A3FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A3FCA4, 00A3FCAD

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c59a80cab6f544f47e93eb7be7d84f1919ab59219768e3d406e1b025e2424261
Instruction ID: 9b248a81d68753fcbab586f9bd0615162b8e70f7dd51e8b62dd254ec38102c14
Opcode Fuzzy Hash: c59a80cab6f544f47e93eb7be7d84f1919ab59219768e3d406e1b025e2424261
Instruction Fuzzy Hash: DC81CC75928300AFD710DFA8E984B2AB7E5FB99746F14882CF58587251E730D815CB62

Function 00A1D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A1D663, 00A1D66B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: aec3f56bba8a738bed7d30bb65b1535aaf70b63b9ef54bb2a5021bf96985cd62
Instruction ID: 4662e4a8f034166e0ce1f53ee8db8d32a415f786fbb7d93d1c3a6faadf5ff3bc
Opcode Fuzzy Hash: aec3f56bba8a738bed7d30bb65b1535aaf70b63b9ef54bb2a5021bf96985cd62
Instruction Fuzzy Hash: 6B61D276908314DBD710EF68DC82A6BB3B1FF94365F08092CF9858B292E735E951C792

Function 00A44A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A44C33, 00A44C3B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c73c300c7ef8f57850c1f803d7a4041a949c6dac57bc5a2c1e2c4bcf5c4e8b01
Instruction ID: 7304fda465906e6c8a236f8acfbeb2856b89d381578d1af9d9d83249af8e4f3b
Opcode Fuzzy Hash: c73c300c7ef8f57850c1f803d7a4041a949c6dac57bc5a2c1e2c4bcf5c4e8b01
Instruction Fuzzy Hash: E661F279A083419FD711DF65C880B2ABBE6FBC8315F28892CE9C587291D771EC42CB52

Function 00B319DF Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

R{x, xrefs: 00B31B88

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: R{x
API String ID: 0-1082274541
Opcode ID: 951ce2495fdfb8e9973b946c5d8bffdf566da80a1ae210f9a4327ea686b04891
Instruction ID: fad57a29db9b4c61f14b784e2ac7930f0c850c1690296f95e7fa32fb59bb96a8
Opcode Fuzzy Hash: 951ce2495fdfb8e9973b946c5d8bffdf566da80a1ae210f9a4327ea686b04891
Instruction Fuzzy Hash: 3E518AB390831C4BE3447E2CDD4937ABB99DB90760F1B063DDE9453B85E83A6E0482C6

Function 00A0E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00A0E333

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: d885a9a29c40cc5d6db80d22f927317b347cd9750da07d88f491af14b0f619f0
Instruction ID: 8c6c17575c9ab1ea2e35e0abeeff95708029731d56d32516ee453d8bc021578e
Opcode Fuzzy Hash: d885a9a29c40cc5d6db80d22f927317b347cd9750da07d88f491af14b0f619f0
Instruction Fuzzy Hash: 5451683BB0A6944BD328C97C6C512A96E970BE7334B3DCB69E9F5CB3E1D51648016381

Function 00A43920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A439E3, 00A439EB

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8f8b10e2bc55be1b76b638ff44635624e920352b1ff681182d528b82e694121f
Instruction ID: 010667fc40b24b1c43ce64e8feb9397293a90f9d0a59301579436dd20770b5d7
Opcode Fuzzy Hash: 8f8b10e2bc55be1b76b638ff44635624e920352b1ff681182d528b82e694121f
Instruction Fuzzy Hash: BD517D3A6092409BCB24DF55D990A2EBBE5FFC9785F18882CE4C697252D372DD10CB62

Function 00A11BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00A11C3E

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: cacbebb62302eb4c31ee06e618c212e35e658e2d047b6b05a4f73c4f8de898bd
Instruction ID: b9ea2f82b706481b56d06f5b4f9ea161ac3f095963484cb7479543f3c15730dc
Opcode Fuzzy Hash: cacbebb62302eb4c31ee06e618c212e35e658e2d047b6b05a4f73c4f8de898bd
Instruction Fuzzy Hash: 414173B80083809BC7149F64D894A6FBBF0FF8A314F04991CF6C59B2A0E736C955CB96

Function 00AF6DDA Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

ld8, xrefs: 00AF6E1C

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: ld8
API String ID: 0-2603695911
Opcode ID: a96d4b168f3f6be2dce0de767b2196c5ead4352663c9aeddf5dcd89068cf9fa0
Instruction ID: ee37ba5cd555ee68be66942e62580e87fd64e4ee6122c7c17522146d6b96305f
Opcode Fuzzy Hash: a96d4b168f3f6be2dce0de767b2196c5ead4352663c9aeddf5dcd89068cf9fa0
Instruction Fuzzy Hash: 28418CF3A183045BE3442E29DC867BBB7DAEFE4360F1E452DD6C0C2744FA7898058246

Function 00A3FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A40033, 00A4003B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e43bbde16531aee7677d9b2b9d0338a9d2c36481227d89ea2955330ce9d41a97
Instruction ID: 302bac9f359bacf2c1c4f02edc9569f012c04cd9f27a32dbcb9854372b263434
Opcode Fuzzy Hash: e43bbde16531aee7677d9b2b9d0338a9d2c36481227d89ea2955330ce9d41a97
Instruction Fuzzy Hash: D23106B9A08305ABD610EB64EC81F2BB7E9EBC5745F544828FA85C7252E331DC14D7A3

Function 00A2E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00A2E6A2

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 01514ffad1304e80a47a673c567a1636661bd518d9449556054db07565fe589b
Instruction ID: 4ccb99b076ab57b2abce11656bcce7aa2b7355873c71a09b8bd3ccdd06f07db9
Opcode Fuzzy Hash: 01514ffad1304e80a47a673c567a1636661bd518d9449556054db07565fe589b
Instruction Fuzzy Hash: 6631D2B5A00314CFCB20CF99E9806BFB7B5FB0A745F140828E446A7341D335AD45CBA2

Function 00A16F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A1703B

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 8b26ddf92a1d2e0b950d96a9c40cb590faa9652ff3d5258c59d797b53f07ff2c
Instruction ID: 2d5c4bd065a645cd21341578d3b032a146aa7b65af24297b8b8c54b09f03406b
Opcode Fuzzy Hash: 8b26ddf92a1d2e0b950d96a9c40cb590faa9652ff3d5258c59d797b53f07ff2c
Instruction Fuzzy Hash: 6C414775604B04DBD735CF61C994F2AB7F2FB4D701F149918E5869BAA1E331F8418B10

Function 00A2E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00A2E6A2

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 31f5b850f608e2c91caa030cf5763c32391886b61b548c095b051251f2afc893
Instruction ID: 9fda445dbe3ee26b2262c549176f7834dea0b8db08de407f6108397b492ec933
Opcode Fuzzy Hash: 31f5b850f608e2c91caa030cf5763c32391886b61b548c095b051251f2afc893
Instruction Fuzzy Hash: 2321B0B1A00314CFC720CF99E990A7FBBB5BB1A745F14082CE446AB341C335AD41CBA2

Function 00A49CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00A49D30

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 1a4e6043da802d3a14dd3e088dd088e87a9eac3e3083de3f2c0af13cdebb6eb4
Instruction ID: 125123463db2ff55943e23bc44b4e85f0e7933d52772412a74415757fbd76e8e
Opcode Fuzzy Hash: 1a4e6043da802d3a14dd3e088dd088e87a9eac3e3083de3f2c0af13cdebb6eb4
Instruction Fuzzy Hash: 403152789083009BD710EF25D880A2BBBF9EBDA315F14892CE68897251E335D914CBA6

Function 00A14E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65299a01edae55387df3c9755566fe3f43c09d2bace40e9f9916c22ea2ddad2a
Instruction ID: 02c8b5f46f40af86661152c68a9656b8a276e35cbfa60d7ea598fcd7e440e86e
Opcode Fuzzy Hash: 65299a01edae55387df3c9755566fe3f43c09d2bace40e9f9916c22ea2ddad2a
Instruction Fuzzy Hash: 26625BB4900B00CFD725CF24D990B67B7F6AF89714F54892CD49A8BA92E735F884CB91

Function 00A0BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 5663070f6555d5a07b7afb48493ccf889190c3b6748bbf23e4493a440a2ea136
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 7E520A319087158BC7259F18E8802BAF3E1FFD5329F298B2DD9C6972C0D735A855CB86

Function 00A48652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff7b2c06eda17edbf989fb0c85207fe28c8ceefa3acb5bb92204ca5b7a3eb90
Instruction ID: cdfcd20f76745bcdc2fc589cafe315f2748dfbb26366684bbe4ad644b55ff468
Opcode Fuzzy Hash: 2ff7b2c06eda17edbf989fb0c85207fe28c8ceefa3acb5bb92204ca5b7a3eb90
Instruction Fuzzy Hash: AA22BB39608340DFD704DFA8E89062EBBF1FB8931AF09896DE58987361D735D991CB42

Function 00A486F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b667aea7c5520e7013dba61c320e51fe5e61471fd55cb838dc0ab3ec7c2699b
Instruction ID: 59ffee5f0a865b67644699e75f70844bbd3c4439228980f74d935912ff320098
Opcode Fuzzy Hash: 6b667aea7c5520e7013dba61c320e51fe5e61471fd55cb838dc0ab3ec7c2699b
Instruction Fuzzy Hash: 7A229B39608340DFD704DFA8E89061EBBF1FB9A31AF09896DE58987361D735D891CB42

Function 00A0B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a0e04b152f1a06622e95bc69fda68204ed3d67d7dbeb682f04005e32698e3d2
Instruction ID: 32d2e9506fbeb431c398c5cd1c33259f863512c87100aa50b5592ce17ce66413
Opcode Fuzzy Hash: 3a0e04b152f1a06622e95bc69fda68204ed3d67d7dbeb682f04005e32698e3d2
Instruction Fuzzy Hash: DF52E270A18B8C8FE734CB24D5847A7BBE2AF95314F144C6DC5E606BC2C779A884CB61

Function 00A071F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 665a7c9c33e4f6bf516ad4c29cc219d8000e274905db4a2358f6ff961e8895f7
Instruction ID: d47a7533a3b4953041cf3b07c3e6b9a4bbc049e9048bcbd880f898854fd6272d
Opcode Fuzzy Hash: 665a7c9c33e4f6bf516ad4c29cc219d8000e274905db4a2358f6ff961e8895f7
Instruction Fuzzy Hash: 5852C43190C3498FCB15CF19D0906AEBBE1BF88314F198A6DE8D95B391D774E989CB81

Function 00A08FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11554c39e1f0102c2f2dcd3b9a646c3c0133d6c17f9c8cd92a55e950c5d64a6d
Instruction ID: 9e74f5b747a02edc9900332ad98455ab735e4994758f91c5be78fd71ed02f9d5
Opcode Fuzzy Hash: 11554c39e1f0102c2f2dcd3b9a646c3c0133d6c17f9c8cd92a55e950c5d64a6d
Instruction Fuzzy Hash: 0B425779608305DFD704CF28E85075ABBE1BF89315F09886DE4858B3A2D736E986CF42

Function 00A07BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ec3a4079f2c0ca7742b8bb3aafbf6852d6c10bf415b4e6f97e69634240e86f
Instruction ID: 3a1dc3636ee2dda5998efb0658e60509f76659aef87eed9742c524a7bf139226
Opcode Fuzzy Hash: 92ec3a4079f2c0ca7742b8bb3aafbf6852d6c10bf415b4e6f97e69634240e86f
Instruction Fuzzy Hash: D6324270914B198FC328CF29D59056ABBF2BF85710B604A2ED6A787F90DB36F845CB14

Function 00A489A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0aea6296ce32b1e4e3979b48ed0265d2d61e652fd5f6205402f857eafe4fa15
Instruction ID: 996ad3a7f8c4b18b07dc11bfd7d84114072b985465e38a53d1048292c49f5673
Opcode Fuzzy Hash: e0aea6296ce32b1e4e3979b48ed0265d2d61e652fd5f6205402f857eafe4fa15
Instruction Fuzzy Hash: 9C02AA34608340DFC704DFA8E88061EBBF5FF8A31AF09896DE58987261C735D965CB92

Function 00A48A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c32e8725ce753811f6d9a925e1cdd20cf9a447af0a3261b8512cf665d738c53
Instruction ID: 3742f4b58b61ee85005be0273b3b64be293ef26b5fe4f681982ae6dca824e94e
Opcode Fuzzy Hash: 6c32e8725ce753811f6d9a925e1cdd20cf9a447af0a3261b8512cf665d738c53
Instruction Fuzzy Hash: F5F1883560C340DFD704DF68E88061EBBE5FB8A31AF09896DE4C987261D736D961CB92

Function 00A48C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d5536df786313df319e2d3587d8784952fa94280867abdc44309677813c913a
Instruction ID: c73255cc7431190b37f6b0f846e9d0c49b5640b2f5862726aea7a71bf690c9e6
Opcode Fuzzy Hash: 5d5536df786313df319e2d3587d8784952fa94280867abdc44309677813c913a
Instruction Fuzzy Hash: 6DE1BD35608350CFC704DF68E88066EB7F5BB8A31AF09896CE5C987361D736E951CB92

Function 00A0A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: a420b014751f6a34205481b0e392ebdede8fdfe4bbcb7df76bc20d65c88ec38d
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: F2F1BF766087458FC724CF29D88166BFBE6BFE8300F08892DE4C587791E635E949CB52

Function 00A48E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfaf3d246c56f576367dc3bbb0b5955f92638c0e937da0c115652bd698fdccc5
Instruction ID: 8ad994bb22f9be6dc8aee242c5857d5f3a5fc36b0a9179b9bfdaa0f0e2fed415
Opcode Fuzzy Hash: dfaf3d246c56f576367dc3bbb0b5955f92638c0e937da0c115652bd698fdccc5
Instruction Fuzzy Hash: 7AD17A3460C350DFD704EF68E88062EBBE5BB9A319F09896DE4C587261D736D861CB92

Function 00A14487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4354ce68bdb479c46bb9cee60ca471502412bc2a1486831b143e5acebd26835
Instruction ID: d15a8ac5208171a71ce48815f5e50589b2ceecf33935d500715f8be36775e950
Opcode Fuzzy Hash: e4354ce68bdb479c46bb9cee60ca471502412bc2a1486831b143e5acebd26835
Instruction Fuzzy Hash: 4FE100B9601B008FD325CF28E992B97B7E1FF4A704F04886CE4AACB752D735B8558B54

Function 00A46CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d21279e903c9037928b81550c98d732317398bb33fe2d81416dc329cf22fa1
Instruction ID: 33f325a327f7f25c0f94547ec00d99756bf56067a9bffbd8471d13eec012e277
Opcode Fuzzy Hash: 90d21279e903c9037928b81550c98d732317398bb33fe2d81416dc329cf22fa1
Instruction Fuzzy Hash: 7DD10436A1C355CFCB14CF78D88052ABBE2BB8A355F094A6CE891C7391D334DA49CB91

Function 00A47AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d077a26f16b000755d3a29d805baaf328e402637b1d032f2a98160df9ed04d2
Instruction ID: af9f73a928f732ac7125959ff79ca30bbbb5b18b7b71b1048274f2421272460d
Opcode Fuzzy Hash: 0d077a26f16b000755d3a29d805baaf328e402637b1d032f2a98160df9ed04d2
Instruction Fuzzy Hash: D3B1F576A083904BE724DB68CC4176FB7E5EBC4314F084A2DE99997391E735DC058B92

Function 00A0AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: a0695e712bfd2f9a85902f8fb05fa352dd15440c355ee5caadea7b8e1f6741e8
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 46C18CB2A187458FC360CF28DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB16

Function 00A16536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38a3a0842a059a5325f3b1d145763658f733d29d03c4cda95482211c87ffdd8b
Instruction ID: 2d6ed72dc9f593e47325917451794f43c5994e38143645caa2b48d1347dbebe0
Opcode Fuzzy Hash: 38a3a0842a059a5325f3b1d145763658f733d29d03c4cda95482211c87ffdd8b
Instruction Fuzzy Hash: 7EB1F2B4500B408FD325CF24DA81B57BBF2AF4A704F14885CE8AA8BB92E775F845CB55

Function 00A47710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 286e8fc71331e5d7504d60615fc679fa0401a5cbf4337f1c9d16fbc2fbda45a0
Instruction ID: dd9f045c6e2cf0a38b3a64f14c9831a76be276bac1372b31d9f835697f62dc42
Opcode Fuzzy Hash: 286e8fc71331e5d7504d60615fc679fa0401a5cbf4337f1c9d16fbc2fbda45a0
Instruction Fuzzy Hash: D5916B79A08381ABE720DB64D840B6FBBE5EBC9355F548C2CF58597352E730E940CB92

Function 00A4A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eaca4ba81135fa92048fa8b247be6a868bbb39ace1730ac778bda9ba13ce249
Instruction ID: bd4c0a2d7e6fcce84091f3cb55cab52291d90f691e893d421daec1d49186c96f
Opcode Fuzzy Hash: 8eaca4ba81135fa92048fa8b247be6a868bbb39ace1730ac778bda9ba13ce249
Instruction Fuzzy Hash: 48818C386487018FD724DF68D890A2AB7F5FFA9740F55892CE586CB261E731EC11CB92

Function 00A364F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702fb6b2ff6677a65a6ce3a7d5c050eb493c128617a16732ff3e487be6aaface
Instruction ID: d3097fbb2fb2856596e1f35296cfd51004a93336d326572f541035c19bf6783f
Opcode Fuzzy Hash: 702fb6b2ff6677a65a6ce3a7d5c050eb493c128617a16732ff3e487be6aaface
Instruction Fuzzy Hash: 8771E637B69A904BC3149D7C9C82395AA934BE7334F3DC379B9B48B3E5D62A48064350

Function 00A228E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d77d57a0a7acd4950d9a6d00a9f8e066fcf73054e68ec665587e1982233d7a
Instruction ID: da4907061be6882a7ae39daf68008fe277c59a7ab9808d18b189a6f0f123cdb9
Opcode Fuzzy Hash: 33d77d57a0a7acd4950d9a6d00a9f8e066fcf73054e68ec665587e1982233d7a
Instruction Fuzzy Hash: 846177B45083609BD310AF19E851A2BBBF1FFA6751F08492CF8C59B261E339D911CB67

Function 00A27C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e67d9abf8400928db1728af0c781ff221ca1fe8a3b56b27f52be2b952c50926
Instruction ID: f9233130db4333aad774e1febe6da1ac4cf7832fff04c1583ac4f9d1a20577cd
Opcode Fuzzy Hash: 0e67d9abf8400928db1728af0c781ff221ca1fe8a3b56b27f52be2b952c50926
Instruction Fuzzy Hash: B351A1B1608224ABDB209F28DC92B7B33B4EF85764F144568F9858B391F375DE05C762

Function 00B690C0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af975eadcddf0208c4a8d074416675f7eaaa55d3a457371562ca7db2f8b4e554
Instruction ID: d753ce5e046bae89d2303fe3d26f3efd5e9356ad2150bc23f880ab9f96d8e3d9
Opcode Fuzzy Hash: af975eadcddf0208c4a8d074416675f7eaaa55d3a457371562ca7db2f8b4e554
Instruction Fuzzy Hash: E361E7F3A082104FE308AE3DDD4576AB7E5EF94320F17463DEAC8C7784E97998058686

Function 00A31860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 97bddf8607fe2f20979bc891e8f2dd077a43a6405d254d1580938770443b7de0
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 9561CD31A09301ABD714CF29C98072FBBE2ABC9391F68C92EF4898B351D770DD859742

Function 00A382D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35353c684e9c1835ffbfb26bf69bfb17804b0bcd79fa973c2f83063a621c06b8
Instruction ID: 3697857fd34c60800a3fb2ae849389af07f1f8b0ad1a4811e5a85b7517a84520
Opcode Fuzzy Hash: 35353c684e9c1835ffbfb26bf69bfb17804b0bcd79fa973c2f83063a621c06b8
Instruction Fuzzy Hash: 0D614837B5AB904BC314863C5C563A6AA931BD2730F3EC366B8B58F3E5CD6E48024341

Function 00B034AD Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b83123a720f9ec2309afe8ac221877488f64f98420ff2dee765c9bff05b680
Instruction ID: e1f22759b0a4567156ad0d5fd9a395d30b6bbb179eead987f28231aa9ab64a3b
Opcode Fuzzy Hash: a5b83123a720f9ec2309afe8ac221877488f64f98420ff2dee765c9bff05b680
Instruction Fuzzy Hash: B961C2F3A083009FF304AE69EC8577ABBE5EB98720F16853DDAC8C3744E63558018796

Function 00AF3F07 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21dfd715d74477ed4a1ad579cd8c80ecbcb1813c681f48fa40cd3af1db190427
Instruction ID: 45919b18f52a14c41ee00b6ef044e514c9a90ea433dac948d3693458c84d532a
Opcode Fuzzy Hash: 21dfd715d74477ed4a1ad579cd8c80ecbcb1813c681f48fa40cd3af1db190427
Instruction Fuzzy Hash: 0A61C3F3E082105BF3146E29DC8076AB7D6EBD4320F2B463DDE8893384D97E6C158696

Function 00A142FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1056870474855339aedbfebe79b6ff6567b8b8a0bdbe53a97e2634f4d572f3a1
Instruction ID: 2678530107fe535ec13fe9e59fec85b2b4e78cde03d70c3f38c57757095d1e03
Opcode Fuzzy Hash: 1056870474855339aedbfebe79b6ff6567b8b8a0bdbe53a97e2634f4d572f3a1
Instruction Fuzzy Hash: E881D4B4810B00AFD360EF39DA47797BEF4AB06301F404A1DE4EA97695E7306459CBE2

Function 00BDE132 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa40dc6b98648d3d1279592d444a2b5e6942cc8489c8a96ba46c4b187bf6ed7c
Instruction ID: 7dcabdc39321e82eeb9b4919a0271e135a7127e5344565775c57f88ad6f1ec78
Opcode Fuzzy Hash: aa40dc6b98648d3d1279592d444a2b5e6942cc8489c8a96ba46c4b187bf6ed7c
Instruction Fuzzy Hash: 8951B3F350C600AFE7186E19EC85BABBBD9EF94720F0A853DE6C483740E67558018696

Function 00A3E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 68871f8300c191e05060a8d578cfc89df90685b6c1be6a687dc459d650ef3e80
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 03515DB1A087548FE314DF69D49435BBBE1BBC5358F044E2DE4E987390E379DA088B82

Function 00B898F6 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbaa1af38b64a95e9aeb6af08604ddeb20d748731d27882e71e8bdc85287fc9
Instruction ID: 812995f80421330fa8a3a7b4a97ab97fab5ca994d621aba59b0fb7506734b1f3
Opcode Fuzzy Hash: 2fbaa1af38b64a95e9aeb6af08604ddeb20d748731d27882e71e8bdc85287fc9
Instruction Fuzzy Hash: 9A51A2F3D08110ABE3106E19DC4576ABBE5EB94720F1B493DEBD893780E63A981586C6

Function 00A47520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3dc46750bfad0908be9d117d3da797cc9394eb5f167796f943cb817a4b541b
Instruction ID: 776d6d3b5d8fef6ae54b0ada8b2ece8a6d3a06c7f2493dcb3e78d37f032246e5
Opcode Fuzzy Hash: bf3dc46750bfad0908be9d117d3da797cc9394eb5f167796f943cb817a4b541b
Instruction Fuzzy Hash: A8510239A0C250ABC7149F18DC90B2EB7E2FBC9355F698A2CE8D557391D731AC0187A1

Function 00A05A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967029700b058fd218287e8a733eeabe144358c9eff4c5af1003ec6f60beee33
Instruction ID: 17eeacd2ed74e458b3f408a4553ef6673815178869cce42af0c6bf32d5166c0c
Opcode Fuzzy Hash: 967029700b058fd218287e8a733eeabe144358c9eff4c5af1003ec6f60beee33
Instruction Fuzzy Hash: E051B2B5E047089FD714DF24E890927B7A1FF86364F15466CE8968B392D631EC42CF92

Function 00B4A4E0 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acecef7aa0493b69b9051af29699dfe401deb3c9ec871032ff9bca1dbe47af4c
Instruction ID: 6f301b7452c9a2726d94f722969c72959eeaf3a3cf9af85c66f6889eaa1695af
Opcode Fuzzy Hash: acecef7aa0493b69b9051af29699dfe401deb3c9ec871032ff9bca1dbe47af4c
Instruction Fuzzy Hash: 424156F3A183081FF3486A2CDC95776B7CAEBD4320F29863DE595C7788E83999058256

Function 00ABCDF5 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cdbd4513deb7cd93b70ab74a0539172aaa191093aae9f015021c9f790a90848
Instruction ID: ab719304550a97e9f43da2c806e3f3774e3470f2810ab6915743941164b07ad1
Opcode Fuzzy Hash: 1cdbd4513deb7cd93b70ab74a0539172aaa191093aae9f015021c9f790a90848
Instruction Fuzzy Hash: BA417EF3D0011857E3586528EC6A77A7796D7A0310F3B023DDB4697780FD7E59188286

Function 00A2EC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bceb476d9aa55deded33e7a4e607903b61874b607733e1b098b1a71767a95ef
Instruction ID: 175735db4bdc6ed5230fcd52dcf0d91af666c2e62c3568b4aa2d5095c746e8d8
Opcode Fuzzy Hash: 8bceb476d9aa55deded33e7a4e607903b61874b607733e1b098b1a71767a95ef
Instruction Fuzzy Hash: 6D419078900325DBDF20CF98EC91BBAB7B1FF0A350F544558E945AB390EB38A951CB91

Function 00A49B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c1dca80c328866a4d404963eb76fb6600c1bc30362ba57fe01afb5ff372ebd
Instruction ID: 9fc08ea82f21aa6d5948b84037aad033f07a9d2b63ad48b0f539a77061a558bb
Opcode Fuzzy Hash: d6c1dca80c328866a4d404963eb76fb6600c1bc30362ba57fe01afb5ff372ebd
Instruction Fuzzy Hash: 66418F38608300AFD710DB55D9D1B2BB7E6EBC9711F54882CF5899B251D335EC21CB62

Function 00A12030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743ab5411906dbddb11fe91ab86421fba4f97d9ef7ee03073882cc09b094dbf2
Instruction ID: d997c8e24e743249691670bdfb62344c60df824975093ac50037710876f2112d
Opcode Fuzzy Hash: 743ab5411906dbddb11fe91ab86421fba4f97d9ef7ee03073882cc09b094dbf2
Instruction Fuzzy Hash: A941F776A083654FD35CCF29849037ABBE2ABC9310F09862EE4D6873D4DA748D95D781

Function 00A11E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d2c67d7598bce09c7a8edad4eb609adaf0e6802c4e579366a158cfd46deaba
Instruction ID: 7f47b358dd8630172fd970b79ed5c752546e548405606418af54ab76847adf8c
Opcode Fuzzy Hash: b6d2c67d7598bce09c7a8edad4eb609adaf0e6802c4e579366a158cfd46deaba
Instruction Fuzzy Hash: 13411F745083809BD320EB59C884B2EFBF5FB8A385F144D1DF6C497292C37AE8558B66

Function 00A48D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f12c77b2910bc94c4f5fb6467fc7f2298c3ea23ecc629d120419435561abf3e
Instruction ID: 01fa71d422b7ea3d267af2c7cc0fc045d13bc734b90ef2d3945e4346726d2fa6
Opcode Fuzzy Hash: 2f12c77b2910bc94c4f5fb6467fc7f2298c3ea23ecc629d120419435561abf3e
Instruction Fuzzy Hash: C641BF35A0D2508FC704EF68D49052EFBE6AFD9300F198A2DD4D9D72A1DB79DD018B92

Function 00A1D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9abc52c27472d1ae20ad0af909a41a4a91ab4925d6ae47a465339483f61b492
Instruction ID: 637b4c8cc4c9e82930fe15b04e7a10f8be5a25e9d3dd044a94806a4bf9a7b77a
Opcode Fuzzy Hash: d9abc52c27472d1ae20ad0af909a41a4a91ab4925d6ae47a465339483f61b492
Instruction Fuzzy Hash: A441CDB16483918BD730DF14C841BAFB7B1FF963A1F040958E48A8BB91E7744881CB53

Function 00A3F030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: ff888d23233dc3b92808a4d3097ac2e7647c2127487737ff5871a10bca431351
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: CE210732D082244BC7289B5DC58163BF7E4EB9A704F06863EE9C4A7295E3359C1487E1

Function 00A467EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb24994a2f92d59fd83ae7c89009b0999dc60ddab9ff36ead5e6a4615fcaecc9
Instruction ID: daf5920f0eee6b31c3f525eab59fc3282ec7753857b9bc6b41e55d9db7e06d9c
Opcode Fuzzy Hash: bb24994a2f92d59fd83ae7c89009b0999dc60ddab9ff36ead5e6a4615fcaecc9
Instruction Fuzzy Hash: BE3113745183829AE714CF14C49062FBBF0AFD6785F54580DF4C8AB262D338D985CB9A

Function 00A25E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0ced0681a9fc3a82476554efee98356c6f63579459339497045956f2fbad70
Instruction ID: 16a554ad2ab3d54ed3eb1038d53aec69000ae622c797d8a79ec4f578edf976d2
Opcode Fuzzy Hash: ae0ced0681a9fc3a82476554efee98356c6f63579459339497045956f2fbad70
Instruction Fuzzy Hash: 5B21A1709082219BC310AF28DA4193BB7F4FF96765F45892CF4D59B291E334C900CBA3

Function 00A049A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 42b44990fcec5105d4be2468baae1f49f9652d873f9f9554df67223995e4c0fa
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: B631D8B17482049FD7109F58E88092BB7E1FF8D398F18893CE99A872C1D231DC52CB46

Function 00A464B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cbba1cd33384b0280225829f7f399693fa7a9200d7e3b4647d6100f328e1014
Instruction ID: c6a276099a6347cf7b96544ffac717b482956ebeb05ce466811ed1f958a3ac83
Opcode Fuzzy Hash: 1cbba1cd33384b0280225829f7f399693fa7a9200d7e3b4647d6100f328e1014
Instruction Fuzzy Hash: 2C2127786082409BCB04EF59D590A2EBBE5FBDA745F28881CE4C597261C335A851CB63

Function 00A3B650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 3326f5a46e748f5efa60913040e240036c864293dea2d4ca88ad48ef11c7c9ac
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E011E533A151D80EC3168E3C8441565BFA31AE3234F598399F4B89B2D3D7328D8A9374

Function 00A30B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: eba43cb13581ac4c2b0fd6f2f9756608ef3c3a97d8bde9ab747cc962a2972601
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 0E0171F5B0030647E720DF54A5E1F3BF2A96F80B68F18452CF84657242DB75EC05C6A1

Function 00A2D1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c6cf9f10e8128d830f40494f088932b3793d1e95074a14b87e04c9cb83a1e2
Instruction ID: f0e0fd91cd091e403f6b832bda8dd243c1827dee49d60cd3586ac8b71f3d5791
Opcode Fuzzy Hash: f3c6cf9f10e8128d830f40494f088932b3793d1e95074a14b87e04c9cb83a1e2
Instruction Fuzzy Hash: CD11DBB0408380AFD3109F658594A2FFBE5ABA6714F248C1DF6A49B252C379E819CB56

Function 00A06EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af317d775d3698376dde92c32dab4988cb95033ef4254df23c15cdcf5788f55c
Instruction ID: 9f568d5245b3719e2a337a6f593fedc4c28c667581fc1d692c0581d6b5576273
Opcode Fuzzy Hash: af317d775d3698376dde92c32dab4988cb95033ef4254df23c15cdcf5788f55c
Instruction Fuzzy Hash: 4BF0BB3E71521E0BB210CEAAF8C4837B396D7D9359B145538EA41D3241DD72E8165190

Function 00A3B8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00A1C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00A1B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 2e34603a156bea809800a63d1ec67c2c1e8d823094d75c346c1ec0bdceff19fc
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 87F0ECB16145105BDF32CA559CC0FB7BB9CCB8B354F190426F84557143D2719885C3F5

Function 00A38220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b93e6af7c1a6ef15ebce9b2ad12db9f6df594577d05ae31ef6cc2ac8a36940b
Instruction ID: 412bf9754ffae0acdd1ee03d82ca7c0026d2311155c38ccd4f454ef3f144f6d7
Opcode Fuzzy Hash: 9b93e6af7c1a6ef15ebce9b2ad12db9f6df594577d05ae31ef6cc2ac8a36940b
Instruction Fuzzy Hash: B901E4B44107009FC360EF29C485747BBE8EB48714F004A1DE8AECB680D771A5448B82

Function 00A41440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 42a0494800c930b049a4c218ecea91fe458e771f5e46567169c696f0df3285a8
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 78D0A775608321469F748F19E400977F7F0EAC7B11F89955EF686E3148D230DC81C2A9

Function 00A11ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0907e2a4be0cccdfd1e6d8407945c31a021d64048aef887cd070b3c00b6dc3bb
Instruction ID: c90ea114a765343fbb89c4eeae8f43be25f30903a3400f3b5218daf6ee51154a
Opcode Fuzzy Hash: 0907e2a4be0cccdfd1e6d8407945c31a021d64048aef887cd070b3c00b6dc3bb
Instruction Fuzzy Hash: CCC08C3CA691018FC204CF80FC95436BBB8A78B30D710703ADA03FB221DE20C4138909

Function 00A46094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7563c5fe7664334d24007823392000dce182153dc4e8bfed3f0dcefa8f51f9d
Instruction ID: 4102940e30d5968d1ca53aeca761b6e22ef9f973fa7f6f74720acb11c87d9391
Opcode Fuzzy Hash: d7563c5fe7664334d24007823392000dce182153dc4e8bfed3f0dcefa8f51f9d
Instruction Fuzzy Hash: 6FC02B38A1C20093950CCF04D800430F377ABC7745720B00DC80323242C030C817C80D

Function 00A11A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5b0cca137c9c2d5f9a2670c33019eec7226e1645728ffcf43095ff8df7730c0
Instruction ID: 737781a7d171cbf564542020ac3469c7c89adbddfef29cd7fb0aaeb9e4f2d8fd
Opcode Fuzzy Hash: e5b0cca137c9c2d5f9a2670c33019eec7226e1645728ffcf43095ff8df7730c0
Instruction Fuzzy Hash: 6AC09B3CB69041CFC244CFC5E8D1472A7FC574720C710303A9B03FB261D961D4168509

Function 00A45FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2305577050.0000000000A01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2305561172.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305618567.0000000000A60000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305635185.0000000000A6C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305786203.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305817211.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BE7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305841052.0000000000BF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305872064.0000000000BFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305887890.0000000000BFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305908692.0000000000C07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305924524.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305940211.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305959416.0000000000C0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305984400.0000000000C23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2305998540.0000000000C24000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306010412.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306022277.0000000000C35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306042684.0000000000C4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306058706.0000000000C4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306069667.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306081360.0000000000C57000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306094247.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306108910.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306122054.0000000000C74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306135205.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306146084.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306159243.0000000000C78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306172223.0000000000C7F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306182823.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306194207.0000000000C81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306208595.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306219609.0000000000C87000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306235008.0000000000C89000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306248811.0000000000C91000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306260991.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306278754.0000000000CAC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306290540.0000000000CCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306328456.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D00000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306343876.0000000000D07000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306379995.0000000000D15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2306392339.0000000000D16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f20d947099310e05365ecfd56deb7fd87ed2ff8e78634781230e9d41e218f89
Instruction ID: f54fe2ed0b3d266d4b18515bbf83f7261b1a4fd293edee63bdccc0ea50bfb27e
Opcode Fuzzy Hash: 5f20d947099310e05365ecfd56deb7fd87ed2ff8e78634781230e9d41e218f89
Instruction Fuzzy Hash: 0CC09B2576820057964CCF54DD51535F2B7ABC7555715B01DC80563255D134D913850C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00A450FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00A0FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00A0D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00A45700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00A45BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00A4695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00A1049B Relevance: .3, Instructions: 264
COMMON

Function 00A43220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00A43202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON